
Category Archives: Vulnerable Websites

Aegis traced Blind SQL Vulnerability in SIFY (http://www.sify.com)



Target:         http://www.sify.com/movies/telugu/review.php
Host IP:        123.176.32.146
Web Server:     Apache
Powered-by:     PHP/4.2.3
DB Server:     MySQL
Resp. Time(avg):    91 ms
Sql Version:     4.0.18-log
Current DB:     cms

 

Posted by on June 29, 2011 in Vulnerable Websites

 

Aegis traced Blind SQL Vulnerability in Planet Bollywood (http://www.planetbollywood.com/)


Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating user input. It occurs when a web application accepts user input, places it directly into a SQL statement, and doesn't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

 

 

Posted by on June 29, 2011 in Vulnerable Websites

 

Aegis traced Blind SQL Vulnerability in Bihar E-news (http://www.biharenews.com)


Target:         http://www.biharenews.com/index.php
Host IP:        70.86.37.234
Web Server:     Apache
Powered-by:     PHP/5.2.17
DB Server:     MySQL >=5
Resp. Time(avg):    1889 ms
Current User:     kabia_bihare@localhost
Sql Version:     5.0.92-community
Current DB:     kabia_biharenews
System User:     kabia_bihare@localhost
Host Name:     server.hosttrue.info
Installation dir:     /

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating user input. It occurs when a web application accepts user input, places it directly into a SQL statement, and doesn't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

 

 

Posted by on June 29, 2011 in Vulnerable Websites

 

Aegis traced Blind SQL Vulnerability in Aspiring Minds (http://www.aspiringminds.in)


About Aspiring Minds: Aspiring Minds conducts a nation-wide Computer Adaptive Test to provide a statistically valid, multi-dimensional skill assessment to judge the employment suitability of a large pool of candidates. The multi-dimensional score, coupled with innovative filters and graphical visualization, lets you find the most appropriate set of candidates for your job profile instantly.

AMCAT test conducted at more than 650 companies
Over 20 states
More than 1.65 lakh people have written this test

This large organization's website is vulnerable to blind SQL injection.

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating user input. It occurs when a web application accepts user input, places it directly into a SQL statement, and doesn't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

 

Posted by on June 29, 2011 in Vulnerable Websites

 

JNTU Hyderabad Vulnerable to Blind SQL Injection and XSS


The best university in India

JNTUH has in total 415 affiliated colleges:

287 Engg & Tech. (250 existing + 37 new)

95 Pharmacy (90 existing + 05 new)

21 Standalone MCA and/or MBA (10 existing + 11 new)

12 Integrated Campuses (E-12, P-6, MBA-8, MCA-2)

But this website is vulnerable to blind SQL injection and cross-site scripting. This may compromise the integrity of your database and/or expose sensitive information.

Please patch all of these vulnerabilities as soon as possible.

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating user input. It occurs when a web application accepts user input, places it directly into a SQL statement, and doesn't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

The impact of this vulnerability

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.

Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

 

 

Cross Site Scripting

Vulnerability description

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know whether the script should be trusted, it executes the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.

The impact of this vulnerability

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

 

 

Posted by on June 21, 2011 in Vulnerable Websites

 

Found SQL INJECTION VULNERABILITY in (http://bhagyanagaraminfo.com)


Target:         http://bhagyanagaraminfo.com
Host IP:        69.175.51.250
Web Server:     Apache
Powered-by:     PHP/5.2.16
DB Server:     MySQL >=5
Resp. Time(avg):    893 ms
Current User:     bhagyan1_bhagya@localhost
Sql Version:     5.0.91
Current DB:     bhagyan1_bhagyanagaraminfo
System User:     bhagyan1_bhagya@localhost
Host Name:     cl43.justhost.com
Installation dir:     /
DB User:     'bhagyan1_bhagya'@'localhost'
Data Bases:     information_schema
bhagyan1_bhagyanagaraminfo
bhagyan1_plaincart

 

 

Posted by on June 19, 2011 in Vulnerable Websites

 

Found SQL INJECTION VULNERABILITY in (http://www.jaypeehotels.com)


Target:         http://www.jaypeehotels.com
Host IP:        72.3.201.232
Web Server:     Apache/2.0.52 (Red Hat)
Powered-by:     PHP/4.3.9
DB Server:     MySQL >=4.1
Resp. Time(avg):    0 ms
Current User:     jaypee@72.3.201.232
Sql Version:     4.1.22
Current DB:     jhotel
System User:     jaypee@72.3.201.232

 

Posted by on June 19, 2011 in Vulnerable Websites

 
 