RSS

Category Archives: Vulnerable Websites

Aegis traced Blind SQL Vulnarability in SIFY (http://www.sify.com)



Target:         http://www.sify.com/movies/telugu/review.php
Host IP:        123.176.32.146
Web Server:     Apache
Powered-by:     PHP/4.2.3
DB Server:     MySQL
Resp. Time(avg):    91 ms
Sql Version:     4.0.18-log
Current DB:     cms

 
Leave a comment

Posted by on June 29, 2011 in Vulnerable Websites

 

Aegis traced Blind SQL Vulnarability in Planet Bollywood (http://www.planetbollywood.com/)


Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

 

 
Leave a comment

Posted by on June 29, 2011 in Vulnerable Websites

 

Aegis traced Blind SQL Vulnarability in Bihar E-news (http://www.biharenews.com)


Target:         http://www.biharenews.com/index.php
Host IP:        70.86.37.234
Web Server:     Apache
Powered-by:     PHP/5.2.17
DB Server:     MySQL >=5
Resp. Time(avg):    1889 ms
Current User:     kabia_bihare@localhost
Sql Version:     5.0.92-community
Current DB:     kabia_biharenews
System User:     kabia_bihare@localhost
Host Name:     server.hosttrue.info
Installation dir:     /

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

 

 
Leave a comment

Posted by on June 29, 2011 in Vulnerable Websites

 

Aegis traced Blind SQL Vulnarability in Aspiring Minds (http://www.aspiringminds.in)


About Aspiringminds :Aspiringminds conduct a nation-wide Computer Adaptive Test to provide a statistically-valid multi-dimensional skill assessment to judge the employment suitability of a large pool of candidates. The multi-dimensional score coupled with innovative filters and graphical visualization lets you find the most appropriate set of candidates for your job profile instantly.

AMCAT Test Conducted at more than 650 companies
Over 20 States
More than 1.65 lakh people written this test

This big organization website got vulnerable with SQL BLIND INJECTION

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

 
Leave a comment

Posted by on June 29, 2011 in Vulnerable Websites

 

Jntu Hyderabad Vulnerable with Blind SQL Injection and XSS


The best university in India

JNTUH has in total 415 affiliated colleges:

287 Engg & Tech. (250 existing + 37 new)

95 Pharmacy (90 existing + 05 new)

21 Standalone MCA and/or MBA (10 existing + 11 new)

12 Integrated Campuses (E-12, P-6, MBA-8, MCA-2)

But this website is Vulnerable With Blind Sql injection and Cross site scripting. This may compromise the integrity of your database and/or expose sensitive information.

Please try to Patch all those Vulnerabilities As Soon As Possible

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

The impact of this vulnerability

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.

Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

 

 

Cross Site Scripting

Vulnerability description

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

The impact of this vulnerability

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

 

 
Leave a comment

Posted by on June 21, 2011 in Vulnerable Websites

 

Found SQL INJECTION VULNERABILITY in(http://bhagyanagaraminfo.com)


Target:         http://bhagyanagaraminfo.com
Host IP:        69.175.51.250
Web Server:     Apache
Powered-by:     PHP/5.2.16
DB Server:     MySQL >=5
Resp. Time(avg):    893 ms
Current User:     bhagyan1_bhagya@localhost
Sql Version:     5.0.91
Current DB:     bhagyan1_bhagyanagaraminfo
System User:     bhagyan1_bhagya@localhost
Host Name:     cl43.justhost.com
Installation dir:     /
DB User:     ‘bhagyan1_bhagya’@’localhost’
Data Bases:     information_schema
bhagyan1_bhagyanagaraminfo
bhagyan1_plaincart

 

 
Leave a comment

Posted by on June 19, 2011 in Vulnerable Websites

 

Found SQL INJECTION VULNERABILITY in (http://www.jaypeehotels.com)


Target:         http://www.jaypeehotels.com
Host IP:        72.3.201.232
Web Server:     Apache/2.0.52 (Red Hat)
Powered-by:     PHP/4.3.9
DB Server:     MySQL >=4.1
Resp. Time(avg):    0 ms
Current User:     jaypee@72.3.201.232
Sql Version:     4.1.22
Current DB:     jhotel
System User:     jaypee@72.3.201.232

 
Leave a comment

Posted by on June 19, 2011 in Vulnerable Websites

 

Found SQL INJECTION VULNERABILITY in (http://www.greatandhra.com/)


Target:         http://www.greatandhra.com/
Host IP:        174.120.39.52
Web Server:     Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.2
Powered-by:     PHP/5.3.2
DB Server:     MySQL >=5
Resp. Time(avg):    0 ms
Current User:     venkat_gauser@localhost
Sql Version:     5.1.56
Current DB:     venkat_greatandhra
System User:     venkat_gauser@localhost
Host Name:     server01.greatandhra.com
Installation dir:     /
DB User:     ‘venkat_gauser’@’localhost’
Data Bases:     information_schema
ga_news
venkat_gasite
venkat_greatandhra

 

 
Leave a comment

Posted by on June 19, 2011 in Vulnerable Websites

 

Found SQL VULNERABILITY in (http://epaper.mathrubhumi.com)


Target:         http://epaper.mathrubhumi.com/
Host IP:        123.176.32.152
Web Server:     Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Powered-by:     PHP/5.2.9
DB Server:     MySQL >=5
Resp. Time(avg):    0 ms
Current User:     epaperm_mbiepap@localhost
Sql Version:     5.0.92-community-log
Current DB:     epaperm_epaper
System User:     epaperm_mbiepap@localhost
Host Name:     mbsv03.mathrubhumi.com
Installation dir:     /
DB User:     ‘epaperm_mbiepap’@’localhost’
Data Bases:     information_schema
epaperm_epaper

 
Leave a comment

Posted by on June 19, 2011 in Vulnerable Websites

 

Found SQLVULNERBILITY in KITE EDUCATION GROUP


Target:         http://www.kitegroup.edu.in/
Host IP:        174.122.47.48
Web Server:     Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.6
Powered-by:     PHP/5.2.17
DB Server:     MySQL >=5
Resp. Time(avg):    0 ms
Current User:     kitegfvw_dreamus@localhost
Sql Version:     5.0.84-percona-highperf-b18-log
Current DB:     kitegfvw_kishan2db
System User:     kitegfvw_dreamus@localhost
Host Name:     cp-6.webhostbox.net
Installation dir:     /
DB User:     ‘kitegfvw_dreamus’@’localhost’
Data Bases:     information_schema
kitegfvw_kishan2db

 

 
Leave a comment

Posted by on June 19, 2011 in Vulnerable Websites

 
 
Follow

Get every new post delivered to your Inbox.