Sunday, 25 April 2010

Ekantipur.com [Ekantipur - online news portal of Kantipur Daily] Vulnerability

Most of us know about Ekantipur.com, the online news portal of the Kantipur Daily newspaper. They recently came out with a new design and development, and I was hoping to see a securely coded website, but I was still able to find some holes in the website. There is a SQL injection vulnerability in the Kantipur Daily site that can potentially be used to dump the DB, after which the admin panel can be compromised and a shell possibly obtained on the site.
I hope they will fix it soon, and if they want information about the vulnerability, I would be happy to help them.
Database tables in the current DB:

No other dumps are posted here, for security reasons. I hope they will secure it.
Thank you.

Comments:

  1. Yeah, what is vulnerable? There seems to be none...

  2. Deface them...

  3. You might have interloped into the system while the site was still in the development phase. The site is safe now to a greater extent as compared to any other news portal in Nepal. So would you delete this thread now?