Anyway, the MySQL>5 allows me to take all DB details and entities in it. Also, the admin panel is vulnerable to login bypass due to lack of filtration of the data.
Below is the screenshot of the logged panel:
Thank you and hope they fix it...
Monday, 4 January 2010
Ministry of forests & soil conservation vulnerability
As usual, another government site is vulnerable to SQL injection and this time, it can be used to mass own the server. I don't know why these fucking guys do such a poor coding. I just don't know who's kid, me or these guys.
Anyway, the MySQL>5 allows me to take all DB details and entities in it. Also, the admin panel is vulnerable to login bypass due to lack of filtration of the data.
Below is the screenshot of the logged panel:
Thank you and hope they fix it...
Anyway, the MySQL>5 allows me to take all DB details and entities in it. Also, the admin panel is vulnerable to login bypass due to lack of filtration of the data.
Below is the screenshot of the logged panel:
Thank you and hope they fix it...
Subscribe to:
Posts (Atom)