I got the link to the site from some Nepali social networking site and was just testing the security of the site, as the About Us page stated that the people of DC-nepal are quite good at computer technology. I started with general web hacks and unfortunately found this site to be vulnerable to SQL injection and persistent cross-site scripting. So I thought I would share this with you guys.
SQLi:
http://www.dc-nepal.com/nepali_model.php?id=437
The id variable is not well sanitized, so arbitrary queries can be injected into the site. Since the MySQL version is >5, it is even easier for attackers to get different credentials from the site.
Some tables:
admin
dc_classicfied
Login user/hash: laxman: hnz/uP1502jYsjqs//hCfg==
You need to decrypt the password, and then you can log in from /admin.
Persistent XSS:
http://www.dc-nepal.com/nepali_model.php?id=437
The comment form doesn't filter any malicious input, so it can be used to drop executables and redirects.
Hope they make a quick fix. They were notified...
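The two flaws in this post share one root cause: request data (the id parameter, the comment body) is used without validation and echoed without encoding. The following is an added example, not DC-nepal's code; table and column names (models, comments, model_id, body) are assumptions, and it runs offline against an in-memory SQLite database via PDO. It shows the vulnerable shape beside the hardened one: a strict integer check plus a prepared statement for the id, and HTML encoding at output time for stored comments. The same two fixes apply to the reflected search boxes described in the Laxmi Bank and NTC posts below.

```php
<?php
// Added example (not DC-nepal's code): a minimal model page and comment form
// in the shape the post describes (string-built query, unescaped echo),
// beside a hardened version using validated input, PDO prepared statements
// and output encoding. Table/column names are assumptions; data is constructed.
declare(strict_types=1);

// --- Vulnerable pattern: the shape of the bug described in the post ---------
function vulnerableQuery(string $rawId): string
{
    // $_GET['id'] dropped straight into the SQL text: any value that is not a
    // bare integer changes the statement instead of being treated as data.
    return "SELECT name, bio FROM models WHERE id = " . $rawId;
}

function vulnerableRenderComment(string $body): string
{
    // Stored text echoed verbatim: markup one visitor submitted becomes part
    // of the page for every later visitor (persistent XSS).
    return '<p class="comment">' . $body . '</p>';
}

// --- Hardened pattern --------------------------------------------------------
function setupDb(): PDO
{
    // Constructed sample schema and row so the example is self-contained.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE models (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY AUTOINCREMENT, model_id INTEGER, body TEXT)');
    $db->exec("INSERT INTO models VALUES (437, 'Sample Model', 'constructed bio')");
    return $db;
}

function parseId(string $rawId): ?int
{
    // Accept only a plain positive integer; anything else is rejected before
    // it gets anywhere near the database layer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function loadModel(PDO $db, string $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null;
    }
    // The placeholder binds the value as data; it cannot alter the statement.
    $stmt = $db->prepare('SELECT id, name, bio FROM models WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function addComment(PDO $db, int $modelId, string $body): void
{
    // Store the text as text (length-bounded). Encoding is done on output,
    // where the context (HTML body) is known.
    $body = mb_substr(trim($body), 0, 2000);
    $stmt = $db->prepare('INSERT INTO comments (model_id, body) VALUES (:m, :b)');
    $stmt->execute([':m' => $modelId, ':b' => $body]);
}

function escapeHtml(string $s): string
{
    // Encode for an HTML text/attribute context; ENT_QUOTES covers both quote styles.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderComments(PDO $db, int $modelId): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE model_id = :m ORDER BY id');
    $stmt->execute([':m' => $modelId]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $body) {
        $html .= '<p class="comment">' . escapeHtml($body) . "</p>\n";
    }
    return $html;
}

// --- Demonstration -----------------------------------------------------------
$db = setupDb();

// A non-integer id is refused outright instead of reaching the query.
var_dump(loadModel($db, '437 OR 1=1'));
$model = loadModel($db, '437');
echo $model['name'], "\n";

// A comment carrying markup is stored as text and rendered inert.
addComment($db, 437, '<script>alert(1)</script> nice photo');
echo renderComments($db, 437);
```

Validation and parameter binding are separate layers on purpose: the prepared statement alone already stops injection, and the integer check on top of it keeps junk out of logs and error paths. Encoding at output rather than "filtering" at input is what makes the stored comment safe regardless of what characters the form accepted.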
Monday, 9 November 2009
Tuesday, 27 October 2009
Laxmibank.com XSS/SQLi vulnerability
Laxmi Bank XSS/SQLi vulnerability:
Site: www.laxmibank.com
Risk: Medium - High
Notified: YES
Action from Admin: N/A
Vulnerable file: searchpage.asp
Exploit: The search does not sanitize user input, so it suffers from XSS. Moreover, specially crafted SQL queries can be submitted through the search box.
Solution: sam207 has written an article on it.
Note that we notified Laxmi Bank about this a long time ago, but they didn't give us any reply or update themselves.
Nepal Telecom XSS vulnerability
Nepal Telecom XSS vulnerability:
Site: www.ntc.net.np
Risk: Low
Notified: YES
Action from Admin: N/A
Vulnerable file: /search/searchresult.php
Exploit: The search does not sanitize user input, so it suffers from XSS.
Solution: sam207 has written an article on it.
One more message to NTC: you are open to a lot of problems. We got all the PSTN Bank user logins (we also know where to log in from), and what's the point of putting phpinfo() online? We grabbed the PHP information from NTC. Also, why would you put the Apache manual on the website (though it isn't a potential risk)? Contact us if you want to know more vulnerabilities; I think I shouldn't discuss them over here.
Thank you.