Wednesday, 23 December 2009

National Information Technology Center site vulnerability

The official website of National Information Technology Center suffers from SQL injection and hence, the login information and other data can be taken away from the database. The worse part is that by uploading shell, one could not only deface nitc.gov.np but also other sites hosted on the server to name few: nepalgov.gov.np, hlcit.gov.np

Just amazed that the center has got so many computer engineers and they are vulnerable to such a simple hack. They need to learn the sense of security to build secure digitalized nepal. Also, what is the fucking point of putting the files in admin panel folder and letting users download from them. And guys, you need to learn to prevent index browsing (its so open) and also the usage of sessions in PHP...

Screenshot:




Thanks... and absolutely no offense to them. We just want the secure nepal.
Posted by at
Labels: , ,

2 comments:

  1. Anonymous24 December 2009 at 01:04

    wtf? national information technology center vulnerable... you should have owned them and they would have learnt it better

    ReplyDelete
  2. R!z@n30 December 2009 at 00:33

    ok tell us how you do it. help others learn too

    ReplyDelete

Subscribe to: Post Comments (Atom)