<b>Nep Sec || KtM-HaCKeRZ Security blog</b>
<br />Nepali security and hacking team ktm hackerz shares and informs about the vulnerabilities in Nepali websites and web servers. The one and only blog of the first Nepali hackers group.
<br />Blog author: Cool Samar
<br />
<br /><b>Informatics college. Directory browsing enabled.</b>
<br />Published: 2010-07-18
<br />Informatics college situated in Kathmandu promises its students that it will give you some knowledge about network security and all that fucking stuffz. Well, the biggest problem is that the fuckers themselves don't know about security. Take a look at this:
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_oXLMHC4FG8I/TEMk3zmpDHI/AAAAAAAAAAM/4tn63jC4Kz8/s1600/upload.JPG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://2.bp.blogspot.com/_oXLMHC4FG8I/TEMk3zmpDHI/AAAAAAAAAAM/4tn63jC4Kz8/s400/upload.JPG" alt="" id="BLOGGER_PHOTO_ID_5495276511485824114" border="0" /></a>
<br />The following are the details of the server:
<br />hostname:informatics.edu.np
<br />uptime:803209s
<br />last reboot:Thu July 08 9:36:45 2010
<br />ip: 74.54.219.66
<br />hostnames:(name-type)
<br />informatics.edu.np-user
<br />lamborghini.websitewelcome.com-PTR
<br />OS-DD_WRT v23(linux kernel version 2.4.36)(ports used: 21,231)
<br />
<br />The details are as follows:
<br />
<br /><table border="1" cellpadding="0" cellspacing="0">
<tbody>
<tr><td>Port</td><td>Protocol</td><td>State (0-open/x-filtered)</td><td>Service/version</td></tr>
<tr><td>7</td><td>TCP</td><td>X</td><td>echo</td></tr>
<tr><td>9</td><td>TCP</td><td>X</td><td>Discard</td></tr>
<tr><td>13</td><td>TCP</td><td>X</td><td>Daytime</td></tr>
<tr><td>21</td><td>TCP</td><td>0</td><td>ftp/PureFTPd</td></tr>
<tr><td>22</td><td>TCP</td><td>X</td><td>Ssh</td></tr>
<tr><td>25</td><td>TCP</td><td>X</td><td>SMTP</td></tr>
<tr><td>26</td><td>TCP</td><td>0</td><td>Smtp/EximSMTPd 469</td></tr>
<tr><td>53</td><td>TCP</td><td>0</td><td>Domain</td></tr>
<tr><td>80</td><td>TCP</td><td>0</td><td>http</td></tr>
<tr><td>110</td><td>TCP</td><td>0</td><td>Pop3/CourierPOP3d</td></tr>
<tr><td>135</td><td>TCP</td><td>X</td><td>Msrpc</td></tr>
<tr><td>139</td><td>TCP</td><td>X</td><td>Netbios-ssn</td></tr>
<tr><td>143</td><td>TCP</td><td>0</td><td>Imap/CourierIMAPd 2006 released</td></tr>
<tr><td>443</td><td>TCP</td><td>0</td><td></td></tr>
<tr><td>445</td><td>TCP</td><td>X</td><td>Microsoft-ds</td></tr>
<tr><td>465</td><td>TCP</td><td>0</td><td></td></tr>
<tr><td>993</td><td>TCP</td><td>0</td><td>Imap/CourierIMAPd2008 released</td></tr>
<tr><td>995</td><td>TCP</td><td>0</td><td></td></tr>
<tr><td>5800</td><td>TCP</td><td>X</td><td>Vnc-http</td></tr>
<tr><td>5900</td><td>TCP</td><td>x</td><td>vnc</td></tr>
</tbody></table>
<br />Also, more than that, I think that it is vulnerable to the SQLi attack
<br />
<br />url entered: http://www.informatics.edu.np/about_us.php?inst=asdasdvasdv
<br />returned: ERROR: Unknown column 'asdasdvasdv' in 'where clause'
<br />
<br />url entered:http://www.informatics.edu.np/course_matter.php?mid=asdvasdv
<br />returned: Unknown column 'asdvasdv' in 'where clause'
<br />
<br />Also, the college uses webmail based on Zimbra... you can look at milw0rm for the vulns of Zimbra (I don't want to tell which version it is... try this on your own)
<br />
<br />Danepali Hacker (http://www.blogger.com/profile/12866747289101958230)<br />
<br />
<b>LACM.EDU.NP [little angels college of management] File inclusion vulnerability</b> (published 2010-04-25T19:11:00.000-07:00, updated 2010-04-25T19:11:33.667-07:00)<br />
I was checking the site of Little Angels College of Management when they were here in KU for the sports week. & in a while, I found it to be vulnerable to file inclusion vulnerability.<br />
Vulnerable URL is:<br />
http://lacm.edu.np/?lacm=[any_file_to_include]<br />
<b><br />
</b><br />
<b>/etc/passwd</b>:<br />
<br />
<br />
And I also got the sql Db.. what the hell they are keeping database backup in the website root folder itself.<br />
See you guys.<br />
Cool Samar (http://www.blogger.com/profile/12279896812645182956)<br />
<br />
<b>Ekantipur.com [Ekantipur -online news portal of Kantipur Daily] Vulnerability</b> (published 2010-04-25T18:57:00.000-07:00, updated 2010-04-25T18:57:25.293-07:00)<br />
Most of us know about Ekantipur.com, online news portal of kantipur daily newspaper. They recently came with new design and development & I was hoping to see securely coded website but I was still able to find some holes in the website. There is a SQL injection vuln in the site of kantipur daily which can be used to potentially dump the DB & then the admin panel can be compromised and possibly we can get shell in the site..<br />
I hope they will soon fix it.. & if they want to get the information of the vulnerability, I would be happy to help them.<br />
Database tables in the current DB:<br />
<br />
No other dumps made over here for the reason of security. Hope they will secure it.<br />
Thank you.<br />
Cool Samar (http://www.blogger.com/profile/12279896812645182956)<br />
<br />
<b>NHNepal.com New Horizons Computer Learning Centers Vulnerability</b> (published 2010-04-25T18:50:00.000-07:00, updated 2010-04-25T18:50:39.830-07:00)<br />
NHNepal.com is the official site of New Horizons Computer Learning Centers in Nepal which is vulnerable to minor injection attack. This vulnerability was reported to us by someone and full credit goes to him/her for finding this.<br />
They state: <br />
With over 300 centers in 70 countries, New Horizons is the <strong>world’s largest independent IT training company</strong>. Over the past 25 years, New Horizons has delivered a full range of IT training and business skills training through innovative learning methods that have transformed businesses and helped over 25 million students reach their goals.<br />
<br />
Anyway, logged in admin panel screenshot from the hacker himself:<br />
<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_RVRW0sa79Nw/S9TxP8AGuWI/AAAAAAAAADI/Qvbukz8pKm8/s1600/nhnepal+sql+injection.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_RVRW0sa79Nw/S9TxP8AGuWI/AAAAAAAAADI/Qvbukz8pKm8/s320/nhnepal+sql+injection.JPG" /></a></div><br />
Thanks.. Hope they soon secure it or otherwise they will become victim of another pwnage.<br />
Cool Samar (http://www.blogger.com/profile/12279896812645182956)<br />
<br />
<b>Cybersansar vulnerability re-exposed</b> (published 2010-04-12T13:12:00.000-07:00, updated 2010-04-12T13:12:56.817-07:00)<br />
One of the most visited sites from Nepal, CyberSansar.com is vulnerable to lots of serious injections like SQLi and XSS but today here I'm going to post the SQL injection in the site. I hope they will try to fix the site after reading this post. No offense at all to them. Moreover, the MySQL version is greater than 5 so its easier for the attacker to steal the database information.<br />
<pre id="line1">User: database => cybernepal3@localhost:cybernepal_3</pre><pre id="line1"></pre><pre id="line1">Tables:</pre><pre id="line1">
wallpaper_gallery </pre><pre id="line1"></pre><pre id="line1">I'm lazy to dump each column's data lol. Anyway, its just the message to CS how insecure they are.</pre><pre id="line1">Hope they fix this soon.</pre>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com6tag:blogger.com,1999:blog-3339723251203762129.post-40875032528943158622010-03-14T06:40:00.000-07:002010-03-14T06:41:13.591-07:00NTC Great HackHi all of hackers out there.<br />Can some one tell what the fuck is happening with http://websms.ntc.net/cgi-sys/defaultwebpage.cgi this???Danepali Hackerhttp://www.blogger.com/profile/12866747289101958230noreply@blogger.com4tag:blogger.com,1999:blog-3339723251203762129.post-1776646161579314282010-03-13T08:14:00.000-08:002010-03-13T08:14:39.185-08:00SpiceNepal.com [mero mobile] VulnerabilityIts been a long time we haven't posted to this blog. Apparently, none of the members seem to be active these days including me. Maybe its because of lots of load works to do and other shits in our life. Anyway, this one is the disclosure of the security of spicenepal.com<br />
I thought to publish it now because spicenepal.com or mero mobile has now turned to NCell already.<br />
<br />
This might not be true at present but it is the data when the attack was done.<br />
<br />
Host info:<br />
Windows<br />
Apache 2.2.12<br />
PHP 5.3.0<br />
MySQL version: 5.1.37<br />
<br />
root: *CD6F0D95CC06845F457474160829CA31EA28A***<br />
eshori: *13CC2012857387DA417378DAE0D32DB4FC729***<br />
Last 3 bits changed for security purpose..<br />
<br />
Tables:<br />
......... and much more. I was just too lazy to exploit it.<br />
Anyway that was the disclosure of spicenepal.com. Have fun.Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-4737405673596763962010-01-04T08:04:00.000-08:002010-01-04T08:26:27.727-08:00Ministry of forests & soil conservation vulnerabilityAs usual, another government site is vulnerable to SQL injection and this time, it can be used to mass own the server. I don't know why these fucking guys do such a poor coding. I just don't know who's kid, me or these guys.<br />Anyway, the MySQL>5 allows me to take all DB details and entities in it. Also, the admin panel is vulnerable to login bypass due to lack of filtration of the data.<br />Below is the screenshot of the logged panel:<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_R7J4rokcecI/S0IWO7g26sI/AAAAAAAAAA0/g16-jCrSwOE/s1600-h/mofsc.gov.np.JPG"><img style="cursor: pointer; width: 320px; height: 194px;" src="http://2.bp.blogspot.com/_R7J4rokcecI/S0IWO7g26sI/AAAAAAAAAA0/g16-jCrSwOE/s320/mofsc.gov.np.JPG" alt="" id="BLOGGER_PHOTO_ID_5422921347056986818" border="0" /></a><br /><br /><br /><br />Thank you and hope they fix it...learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-46178015873412714832009-12-26T11:00:00.000-08:002009-12-26T11:00:19.134-08:00Nepal Bangladesh Bank SQLi vulnerabilityThe official website of Nepal Bangladesh Bank Limited www.nbbl.com.np suffers from Sql injection and hence can be compromised to get sensitive informations from it. Its 1 a.m midnight already here so I am lazy to post the dumps for now. If I happen to remember it next day, I shall post the dumps. For now, following are some information of the server:<br />
<b>current database:</b> <strong>nbblcom_db </strong><br />
<strong>user : </strong><strong>nbblcom_admin@localhost</strong><br />
<strong>DB version: </strong><strong>4.1.22-standard </strong><br />
I am being too lazy at this time to bruteforce for the tables. Guys do yourself if you want to dig the site more.<br />
<strong>Thanks.</strong><strong> </strong><strong> </strong>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com6tag:blogger.com,1999:blog-3339723251203762129.post-56312349116843295862009-12-23T20:33:00.000-08:002009-12-23T20:50:07.730-08:00Neoteric Nepal SQL injection Vuln<div>Official website of Neoteric nepal suffers from sql injection vuln.<br />Some details:<br />ftp: <a href="ftp://ftp.neoteric.com.np/">ftp://ftp.neoteric.com.np/</a><br />ftp security: very secure<br />Vuln:SQL injection<br />Dump:<br />Table name: admin_user<br />id:pwd= not displayed for security<br />Scrnshot:</div><img style="TEXT-ALIGN: center; MARGIN: 0px auto 10px; WIDTH: 507px; DISPLAY: block; HEIGHT: 279px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5418660305503921778" border="0" alt="" src="http://1.bp.blogspot.com/_AJFPBbDsJ2M/SzLy1qwSJnI/AAAAAAAAAA4/_gSp4acLPCk/s320/scrn.jpg" /><br /><div></div><br /><div>Hope they secure it soon<br />Regards,</div>dARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-28803864232131562832009-12-23T07:41:00.000-08:002009-12-23T07:41:44.406-08:00National Information Technology Center site vulnerabilityThe official website of National Information Technology Center suffers from SQL injection and hence, the login information and other data can be taken away from the database. The worse part is that by uploading shell, one could not only deface nitc.gov.np but also other sites hosted on the server to name few: nepalgov.gov.np, hlcit.gov.np<br />
<br />
Just amazed that the center has got so many computer engineers and they are vulnerable to such a simple hack. They need to learn the sense of security to build secure digitalized nepal. Also, what is the fucking point of putting the files in admin panel folder and letting users download from them. And guys, you need to learn to prevent index browsing (its so open) and also the usage of sessions in PHP...<br />
<br />
Screenshot:<br />
<div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
<a href="http://1.bp.blogspot.com/_RVRW0sa79Nw/SzI4lcDT3TI/AAAAAAAAAC0/bWhkz1w-h2U/s1600-h/nitc.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_RVRW0sa79Nw/SzI4lcDT3TI/AAAAAAAAAC0/bWhkz1w-h2U/s320/nitc.jpg" /></a><br />
</div><div class="separator" style="clear: both; text-align: left;">Thanks... and absolutely no offense to them. We just want the secure nepal.<br />
</div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-62582079599091382242009-12-21T18:29:00.000-08:002009-12-21T18:35:58.007-08:00Ketaketi.org(CLFN) SQL Injection vulnThe official website of CLFN (Ketaketi.org) suffers from sql injection attack in bsoftmore.php<br />A remote attacker can easily get over the site. (Not me actually, i didnt find the login page.) anyway i got the id and passes/ The id and passes are not shown for security here.<br />Some details:<br />Site:ketaketi.org<br />Vuln: SQL injection<br />Table name: user<br />Hope they fix it soondARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com4tag:blogger.com,1999:blog-3339723251203762129.post-42654222712185299092009-12-20T10:22:00.000-08:002009-12-20T10:22:10.325-08:00www.indianembassy.org.np SQLi vulnerabilitywww.indianembassy.org.np is the official website of Indian Embassy in Nepal and the site is vulnerable to common SQL injection vulnerability.<br />
The site uses mysql version 4 so no information_schema. So I just did bruteforcing by coding small script in PHP to find the valid username/password combination but they are pretty guessable. I didn't think of defacing because it is an organization and defacing such organizations totally would be wrong thing but I posted a news in the site.<br />
Below is the screenshot:<br />
<div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sy5qxMhZKVI/AAAAAAAAACk/gu9Q5drVspQ/s1600-h/indianembassy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sy5qxMhZKVI/AAAAAAAAACk/gu9Q5drVspQ/s320/indianembassy.jpg" /></a><br />
</div><br />
<br />
Absolutely no offense to indian embassy. But we hope you will be securing yourself after this pwnage.<br />
RegardsCool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-66921549811226109952009-12-19T18:00:00.000-08:002009-12-19T18:16:44.552-08:00CCRC (ccrc.edu.np) SQLi VulnerabilityA sql injection vuln exists in ccrc college's website.<br />Details:<br />URL: http://ccrc.edu.np<br />FTP: ftp.ccrc.edu.np<br />FTP status: Very Secure (9.5/10)<br />SQL injection: Yes(8.5/10, since all critical datas can be extracted)<br /><br />Dumps:<br />rajan:c647f23604314d5aa5bb53ad3def9303 <br /><br />Hope they fix it soondARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-90210124471799320742009-12-19T08:31:00.001-08:002009-12-19T08:34:01.787-08:00ccma.edu.np SQLi vulnerabilityNot much, but I thought to share it over here.<br />The official website of Chartered College of Management and Accounts, <a href="http://www.ccma.edu.np" target="_blank">www.ccma.edu.np</a> suffers from sql injection attack and hence can be used to extract critical data from the database. Check the site main page <a href="http://www.ccma.edu.np/main.php" target="_blank">ccma home</a> to see the vulnerability. I have made redirection to the nep sec blog.<br /><br />Thankslearn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-67540197238637428752009-12-17T18:30:00.000-08:002009-12-17T18:41:18.044-08:00Universal College(http://www.uc.edu.np) SQL injection Vuln<div>A sql Injection Vuln exists in Universal College's site. A remote attacker can easily get the pwd and login.</div><br /><div>Some details:</div><br /><div>Vuln Type: SQL injection</div><br /><div>FTP: <a href="ftp://ftp.uc.edu.np/">ftp://ftp.uc.edu.np/</a> (Proftpd 1.3.0 server//WL)</div><br /><div>VULN RATING: 6/10 (SQL INJECTION), 8/10 (OLD FTP SERVER. 
MANY EXPLOITS ARE OUT THERE)</div><br /><div>STATUS:Notified</div><br /><div>Some proofs:</div><br /><div>Table_names: login, user</div><br /><div>Dumps:</div><br /><div>Not_REVEALED for security</div><br /><div>Screenshot of Logged in cpanel:<img style="TEXT-ALIGN: center; MARGIN: 0px auto 10px; WIDTH: 520px; DISPLAY: block; HEIGHT: 362px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5416400474126007330" border="0" alt="" src="http://2.bp.blogspot.com/_AJFPBbDsJ2M/SyrriK2JvCI/AAAAAAAAAAM/rUJYnJJoAxY/s320/scrnshot.jpg" /></div>Hope they fix it down :D<br /><div></div><br /><div></div>dARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-15770093499532934082009-12-10T03:45:00.000-08:002009-12-10T03:45:44.351-08:00Internet Business Bureau Common SQL injection Vulnerability<span id="goog_1260445096014"></span><span id="goog_1260445096015"></span><a href="http://www.blogger.com/"></a>I checked the IBB's portfolio and the sites it develops uses the same script and it is vulnerable to SQL injection. Check my previous post for more on knowing this:<br />
<a href="http://nepsecvulns.blogspot.com/2009/12/party-popper-wwwpartypoppercomnp-sqli.html">http://nepsecvulns.blogspot.com/2009/12/party-popper-wwwpartypoppercomnp-sqli.html</a><br />
<br />
The same mysql injection is valid but filtering takes so you need to bypass filters (not hard). I would recommend you to google for mysql injection cheatsheets and learn and practice hacking in these sites.<br />
<br />
Nepali Hackers Are Not Dead, They Are Underground and Might Be At Your Root<br />
Cool Samar (http://www.blogger.com/profile/12279896812645182956)<br />
<br />
<b>Party Popper [www.partypopper.com.np] SQLi vulnerability</b> (published 2009-12-10T03:24:00.000-08:00, updated 2009-12-10T03:24:06.783-08:00)<br />
The site of Party Popper [www.partypopper.com.np] is vulnerable to SQL injection and various information can be stolen. The SQL filtering IDS are working to some extent but we can easily bypass such filters and I was able to do the same.<br />
Anyway, this site has nothing much but still we think that such security flaws must be addressed so that nepali developers work on protecting from such vulnerabilities...<br />
Some tables:<br />
admin<br />
content<br />
<br />
Screenshot of logged admin panel:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_RVRW0sa79Nw/SyDaBX0vCEI/AAAAAAAAACU/Mq0nMOqdV1o/s1600-h/partypopper.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_RVRW0sa79Nw/SyDaBX0vCEI/AAAAAAAAACU/Mq0nMOqdV1o/s320/partypopper.jpg" /></a><br />
</div><br />
Thanks. Admins can find the article by me at my site <a href="http://www.sampctricks.blogspot.com/">http://www.sampctricks.blogspot.com</a><br />
Cool Samar (http://www.blogger.com/profile/12279896812645182956)<br />
<br />
<b>Engineering express [www.engxpress.com.np] Multiple Vulnerabilities</b> (published 2009-12-10T02:34:00.000-08:00, updated 2009-12-10T02:34:54.130-08:00)<br />
The online website of <b>The Engineering Express </b>http://www.engxpress.com.np is pretty insecure with multiple vulnerabilities. It suffers from SQLi and insecure file upload vulnerability. Anyway below are some dumps from the website:<br />
Few tables:<br />
register<br />
signin<br />
<br />
Columns in signin table:<br />
Username<br />
Password<br />
<br />
<br />
Fucking lots of SQLi... <br />
<br />
<br />
Login process:<br />
<br />
$stmt=sprintf("SELECT * FROM login WHERE username='%s' AND password='%s'",$usr, $pwd);<br />
$dblink=DBset() ;//Connect to the database...<br />
$result = DBquery($stmt, $dblink) ;//Send Query<br />
$totresult = mysql_num_rows($result);<br />
$row = mysql_fetch_object($result);<br />
<br />
Page.php:<br />
$stmt=sprintf("SELECT Content FROM page WHERE Id='%s'",$_GET['recordID']);<br />
$dblink=DBset() ;//Connect to the database...<br />
<br />
Other scripts are also vulnerable but I am too lazy to post them, too.<br />
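The Login process and Page.php snippets above build their SQL with sprintf() from raw request input, the same flaw behind the "Unknown column ... in 'where clause'" errors in the Informatics post. The following is an added example, not code from the original post or from the affected site: a hardened form of both lookups using PDO prepared statements, with the in-memory SQLite database, schema, sample rows and function names all constructed for illustration.

```php
<?php
// Added example. Table layout, sample rows and function names are constructed.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors so they can be caught and logged, never echoed to the visitor.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE page (Id INTEGER PRIMARY KEY, Content TEXT NOT NULL)');
    // Store a salted hash, never the password itself.
    $ins = $pdo->prepare('INSERT INTO login (username, password_hash) VALUES (?, ?)');
    $ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    $pdo->exec("INSERT INTO page (Id, Content) VALUES (1, 'About us')");
    return $pdo;
}

// Same construction as the post: the input is pasted into the SQL text,
// so the database cannot tell data from statement syntax.
function login_unsafe(PDO $pdo, string $usr): ?array
{
    $stmt = sprintf("SELECT * FROM login WHERE username='%s'", $usr);
    return $pdo->query($stmt)->fetch() ?: null;
}

// Hardened login: the statement text is fixed, the input travels as a bound
// parameter, and the password is checked against the stored hash in PHP.
function login_safe(PDO $pdo, string $usr, string $pwd): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM login WHERE username = :u');
    $stmt->execute([':u' => $usr]);
    $row = $stmt->fetch();
    if ($row === false) {
        return false;
    }
    return password_verify($pwd, $row['password_hash']);
}

// Hardened page lookup: validate the type first, bind the value, and keep
// database errors in the server log instead of the response body.
function page_content(PDO $pdo, string $recordId): ?string
{
    $id = filter_var($recordId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: reject before touching the database
    }
    try {
        $stmt = $pdo->prepare('SELECT Content FROM page WHERE Id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $content = $stmt->fetchColumn();
        return $content === false ? null : (string) $content;
    } catch (PDOException $e) {
        error_log('page lookup failed: ' . $e->getMessage());
        return null; // caller shows a generic "not found" page
    }
}

$pdo = open_demo_db();
$name = "o'brien"; // constructed input: an ordinary name that contains a quote

try {
    login_unsafe($pdo, $name);
    echo "unsafe lookup: ran\n";
} catch (PDOException $e) {
    // The quote ended the string literal early, so the rest of the input became SQL syntax.
    echo "unsafe lookup: input altered the statement and it failed to parse\n";
}

echo 'safe login, right password: ', var_export(login_safe($pdo, $name, 'correct horse'), true), "\n";
echo 'safe login, wrong password: ', var_export(login_safe($pdo, $name, 'guess'), true), "\n";
echo 'page 1: ', var_export(page_content($pdo, '1'), true), "\n";
echo 'page asdasdvasdv: ', var_export(page_content($pdo, 'asdasdvasdv'), true), "\n";
```

Against MySQL the same functions work with a MySQL PDO handle; setting `PDO::ATTR_EMULATE_PREPARES` to false there makes the driver use server-side prepared statements.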
<br />
Screenshots:<br />
<div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/SyDNtNgzoQI/AAAAAAAAACM/l1RizPBMvmY/s1600-h/engxpress.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/SyDNtNgzoQI/AAAAAAAAACM/l1RizPBMvmY/s320/engxpress.jpg" /></a><br />
</div>Certainly no offense but you need to improve yourself...<br />
Thanks!!!<br />
Cool Samar (http://www.blogger.com/profile/12279896812645182956)<br />
<br />
<b>Mero IT (www.meroit.com) SQL injection vulnerability</b> (published 2009-12-09T00:00:00.000-08:00, updated 2009-12-09T00:00:21.303-08:00)<br />
This was referred to me by my friend in the college and on viewing the site, I found it was vulnerable to common SQLi. The scripts do not validate the GET variables and hence we can inject SQL queries through URL GET parameters.<br />
<br />
Some interesting tables:<br />
admin<br />
client<br />
personal_client_details<br />
<br />
Anyway below is the screenshot of the hacked admin panel located at /admin<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sx9Yg5Ape9I/AAAAAAAAACE/eVaoEPO6RP4/s1600-h/meroIT.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sx9Yg5Ape9I/AAAAAAAAACE/eVaoEPO6RP4/s320/meroIT.png" /></a><br />
</div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: left;">So if you are the webadmin of meroit.com you can find the article at http://www.sampctricks.blogspot.com to secure your PHP scripts...<br />
</div><div class="separator" style="clear: both; text-align: left;">Thanks...<br />
</div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-45726539305556184772009-12-07T11:17:00.000-08:002009-12-07T11:31:46.163-08:00www.pea.edu.np simple JS hackOk this was given to me as a challenge by sam and he said that he was given information about this site by some friend of him. He said me about javascript hacking in admin panel and I started to dig up. And finally I found that it didn't require any login(even the login user/pass is easy one: admin/a). I then found that the upload feature was also insecure. I got the shell and I could have utilized to root the box but I didn't. I just thought to make defacement of pea.edu.np.<br /><br />Some PHP dumps:<br /><br />addnew.php:<br /><br />//clearly reflects their poor coding way...<br /><?<br /> $path = "../";<br /> //$thePage = "home";<br /> include $path."includes/adminhead.php";<br /> include $path."includes/headeradmin.php";<br /> if($_POST['ok'])<br />{ <br /><br />$date1=$_POST['Date1'];<br />$title=$_POST['Title'];<br /> <br />$newfile=returnfilename($_FILES['fileattach'],"downloads");<br /><br />$sqlquery= "INSERT INTO downloads VALUES('','$date1','$title','$newfile')";<br />$rt1=mysql_query($sqlquery) or die(mysql_error());<br /> <br /> if($rt1)<br /> { <br /> print "<script>document.location='download.php';</script>";<br /> <br /> }<br /><br /><br />}<br />?><br /><br />settings.php:<br /><?<br /><br />// Online<br />/**/<br />$hostname="localhost";<br />$username="peaedu_peaedu";<br />$password="delta2009";<br />$db="peaedu_peadb";<br /><br /><br />/* LOCAL *<br /><br />$hostname="localhost";<br />$username="root";<br />$password="";<br />$db="pea_db";<br />*/<br />$connectme=mysql_connect($hostname,$username,$password);<br />?><br /><br /><br />Now the screenshot of the defaced site:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="http://1.bp.blogspot.com/_R7J4rokcecI/Sx1Wo7PyriI/AAAAAAAAAAs/3aDzeY8V3eA/s1600-h/defaced.jpg"><img style="cursor: pointer; width: 320px; height: 124px;" src="http://1.bp.blogspot.com/_R7J4rokcecI/Sx1Wo7PyriI/AAAAAAAAAAs/3aDzeY8V3eA/s320/defaced.jpg" alt="" id="BLOGGER_PHOTO_ID_5412577588267888162" border="0" /></a><br /><br />Thanks for reading this... and to site developers, learn fucking sense of security...learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-54637700936355684812009-12-07T09:57:00.001-08:002009-12-07T10:00:16.021-08:00myktm.com SQLi vulnerabilityVuln: SQLi<br />Serious label: 3/5 (as user/pass can be stolen)<br />Actually, this hack was reported to us by someone anonymous. We don't have any information about him/her but thanks and full credit goes to you. Anyway, I think many of you have heard about myKtm.com, their skiddish forum and their Nepal messenger. Though I appreciate their effort in creating first Nepali IRC server/channel (I think they are the first), they need to learn about security. 
They talk in the leet way but they are insecured and since there are thousands of users registered over there, password compromise can be easily done.<br /><br />[+] Exploit: SQLi<br />[+] The script doesn't validate the user input which can be used to do SQL injections and steal the important data from the system.<br /><br />Samples [might have been changed since then]:<br /><br />username: hash: email<br /><br /><span style="font-weight: bold;">admin:b09048fc8f1a2ac608012c327c60f973:admin@nepalexpo.com</span><br /><span style="font-weight: bold;">huribatas:2f1157cdad63b7035e5252880bf6f9cc:huribatas111@hotmail.com</span><br /><span style="font-weight: bold;">LSD:9ae90ad18eb0e8cfde193df7d258c09b:Lsd@myktm.com [admin of myKtm]</span><br /><span style="font-weight: bold;">uTosTan:e7aebaae36f8ba319d46a7142218ef1e:utostan@gmail.com [super admin of myKtm, not sure though]</span><br /><br />Ok that was enough to disclose them. I hope they take it positively. I want them to secure themselves. Drop a comment if you are myKtm-er and I will be replying on how to secure it...learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com4tag:blogger.com,1999:blog-3339723251203762129.post-27740627222821311252009-12-05T10:26:00.000-08:002009-12-19T07:08:48.771-08:00www.myrepublica.com multiple SQLi and XSS vulnerabilitiesMyrepublica is one of the newer magazines and the site http://www.myrepublica.com is their online site. They usually do news update and hence the site provides recent news and happenings easily to the website visitors... 
But, again they are not secured and suffer from normal SQLi injection vulnerabilities.<br />Here are some dumps from the table <span style="font-weight: bold;">users</span>.<br />Username: password: emailid<br /><br />ameet:1dhakal2:ameet@myrepublica.com<br />bikash:bik31@:bikash@myrepublica.com<br />prem:1khanal2:prem@myrepublica.com<br />premdhakal:dhakal123:premdhakal@myrepublica.com<br />pawan:terobaumerobau:pawan148@yahoo.com<br /><br />etc...<br /><br />Sample screenshot:<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_R7J4rokcecI/SxqoyHpJQCI/AAAAAAAAAAk/fsWQoWWIodQ/s1600-h/myrepublica.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 247px;" src="http://2.bp.blogspot.com/_R7J4rokcecI/SxqoyHpJQCI/AAAAAAAAAAk/fsWQoWWIodQ/s320/myrepublica.jpg" alt="" id="BLOGGER_PHOTO_ID_5411823481237618722" border="0" /></a><br /><br />Some fucking notes to them:<br />1) Don't fucking keep plain passes in DB<br />2) Don't fucking make re-use of the same password<br />3) Read sam207's article on securing this vulnerability...<br />4) You're giving us the location of admin panels. fuck you... learn the sense of security.<br /><br />Sorry but you are so lame that I had to deface you. No offense to myrepublica team(actually I like your newspaper), this message is to the developers of the site....<br />EDIT: I also found the site search system to be vulnerable to cross site scripting vulnerability.<br />Thank you!!!learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-10245977182719919402009-12-01T19:08:00.000-08:002009-12-01T19:50:31.426-08:00www.thehimalayantimes.com SQLi vulnerabilityThe himalayan times is one of the national daily newspapers from nepal and its site www.thehimalayantimes.com like other common nepali websites is also vulnerable to normal web hack. 
It's again a lame SQL injection caused by the poor coding level. I am having eye pain right now because of welding so I won't be posting much but anyway below is the SQLi hack...<br />
The admin information can be stolen from the admin table while tbl_member consists of registered user information so this may lead to secret private data stealing....<br />
admin table consists of columns:<br />
admin_user<br />
admin_pass<br />
admin_email<br />
admin_fullname, etc.<br />
<br />
So SQL query: SELECT * FROM admin<br />
is going to give us everything on table admin...<br />
And they are also using base64 encoding. I have said previously too that with a single call to base64_decode() in PHP, or by using an online base64 decoder (www.yellowpipe.com has one), we are gonna get the actual pass easily.<br />
Some dumps:<br />
<b>user:pass:email for admin</b><br />
<br />
sajy.j:Z0kzdDRQOXM=:sajyjacob@yahoo.com<br />
bipul:YmlwdWxzMQ==:bipulendra.adhikari@gmail.com<br />
ARUN:c2lsaWNh:monsterdom@gmail.com<br />
etc.<br />
You can try and get the dumps yourself; no more dumps.<br />
Read the article I have written in my blog sampctricks.blogspot.com <a href="http://sampctricks.blogspot.com/2009/05/securing-php-avoid-basic-exploits-and.html">http://sampctricks.blogspot.com/2009/05/securing-php-avoid-basic-exploits-and.html</a> in order to remove these vulnerabilities. You have lots of them in your scripts.<br />
Edit:<br />
Again it is F1 Soft work most probably and has got so many vulnerabilities. Admin panel is in a bit less used place but we can find it easily (No need to overthink and do bruteforcing for admin cp)... Also @THT admins, do not change location of admin panel; rather, secure your scripts...<br />
Could not upload the screenshot because of slow net connection and my eye problem...<br />
<br />
Thanks...<br />
Cool Samar http://www.blogger.com/profile/12279896812645182956 noreply@blogger.com 2<br />
tag:blogger.com,1999:blog-3339723251203762129.post-787226249614638372 2009-11-29T08:26:00.000-08:00 2009-11-29T08:26:31.493-08:00<br />
NewsOfNepal.com SQLi Vulnerability<br />
www.newsofnepal.com is just pretty insecure and more pwnage could have been carried out. Thanks to Cyb3r Lord for allowing me to post the thing he found... F1 Soft is one of the top IT companies in Nepal but when it comes to coding, they suck...<br />
This one is another disclosure of one of the big sites from Nepal. So let's go on...<br />
There are a few scripts that forget to validate the inputs and we are not disclosing how the things are vulnerable because we are not for script kiddies. Using MySQL > 5 means we can extract tables and columns easily.<br />
Some tables are:<br />
admin<br />
advertisement<br />
polling_user<br />
etc.<br />
And some columns are:<br />
admin_pass<br />
admin_user<br />
admin_email<br />
under admin table.<br />
Now on extracting pass, I saw it was base64 encoded(FUCK). Use other hashing like md5() to encrypt. You are PHP guys and you should have known base64_decode($hash) is gonna give us the pass...<br />
Anyway below is the screenshot of the pwnage:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/SxKgj1kmVcI/AAAAAAAAABY/wr2G3jJ1wjE/s1600/newsofnepal.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/SxKgj1kmVcI/AAAAAAAAABY/wr2G3jJ1wjE/s320/newsofnepal.jpg" /></a><br />
</div><br />
Thanks...<br />
Cool Samar http://www.blogger.com/profile/12279896812645182956 noreply@blogger.com 1
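The thehimalayantimes.com and newsofnepal.com posts above both note that a base64-encoded password column is undone with one base64_decode() call. The PHP below is an added example, not code from either site or from the post authors: it shows that round trip next to salted storage with password_hash() (used here in place of the md5() the post suggests) and a one-pass migration of legacy base64 rows. The function names and the sample password are assumptions made for illustration, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample credential; not taken from any real system.
$plain = 'S4mple-Passw0rd';

// What the posts describe: the column holds base64, which is an encoding.
// No key or secret is involved, so reading the column yields the password.
$legacyColumn = base64_encode($plain);
$recovered    = base64_decode($legacyColumn, true);

// Hardened storage: password_hash() picks a random salt and stores the
// algorithm, cost and salt inside the returned string.
function store_password(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Because base64 is reversible, legacy rows can be converted in one pass
// instead of waiting for each user to log in. Rows already hashed are kept.
function migrate_legacy_value(string $stored): string
{
    if (!empty(password_get_info($stored)['algo'])) {
        return $stored;                       // already a password_hash() string
    }
    $decoded = base64_decode($stored, true);  // strict mode: false on invalid input
    if ($decoded === false || $decoded === '') {
        throw new InvalidArgumentException('not a legacy base64 value');
    }
    return store_password($decoded);
}

// Login check: verify against the stored hash, then rehash when the default
// algorithm or cost has changed since the hash was created.
function check_login(string $plain, string $stored, callable $saveHash): bool
{
    if (!password_verify($plain, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $saveHash(store_password($plain));    // hypothetical persistence callback
    }
    return true;
}

$noop     = function (string $newHash): void {};
$migrated = migrate_legacy_value($legacyColumn);
var_dump($recovered === $plain);                          // base64 round trip
var_dump(check_login($plain, $migrated, $noop));          // correct password
var_dump(check_login('wrong guess', $migrated, $noop));   // rejected guess
var_dump(migrate_legacy_value($migrated) === $migrated);  // second run is a no-op
```

After migration the column no longer yields the password to anyone who can read it, which is the exposure both posts describe.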