Sunday, 20 December 2009

www.indianembassy.org.np SQLi vulnerability

www.indianembassy.org.np is the official website of the Indian Embassy in Nepal, and the site is vulnerable to a common SQL injection vulnerability.
The site uses MySQL version 4, so there is no information_schema. So I just did brute-forcing by coding a small script in PHP to find the valid username/password combination, but they are pretty guessable. I didn't think of defacing because it is an organization and defacing such organizations would be a totally wrong thing, but I posted a news item on the site.
Below is the screenshot:

Absolutely no offense to the Indian Embassy. But we hope you will be securing yourself after this pwnage.
Regards

4 comments:

  1. how the hell was it done? Fuck even Indians are vulnerable, lulz.

  2. good find, go on. Post more haxx0rings

  3. Who is the main leader of this Group? I make Worms (and Trojans) and I would like to join this Group.

  4. still Suckers won't listen
    indianembassy:147f9d55b079a76d6ec6f36b61f4cf1a
