Wednesday, 23 December 2009

National Information Technology Center site vulnerability

The official website of National Information Technology Center suffers from SQL injection and hence, the login information and other data can be taken away from the database. The worse part is that by uploading shell, one could not only deface nitc.gov.np but also other sites hosted on the server to name few: nepalgov.gov.np, hlcit.gov.np

Just amazed that the center has got so many computer engineers and they are vulnerable to such a simple hack. They need to learn the sense of security to build secure digitalized nepal. Also, what is the fucking point of putting the files in admin panel folder and letting users download from them. And guys, you need to learn to prevent index browsing (its so open) and also the usage of sessions in PHP...

Screenshot:




Thanks... and absolutely no offense to them. We just want the secure nepal.

3 comments:

  1. wtf? national information technology center vulnerable... you should have owned them and they would have learnt it better

    ReplyDelete
  2. ok tell us how you do it. help others learn too

    ReplyDelete
  3. why don't you deface that shit? Get root and mass deface bro. This is the only way to make them aware of this.

    ReplyDelete