Full Disclosure mailing list archives
Two biggest Indian University Websites are vulnerable
From: Sandeep Sengupta <sandeep.sengupta () gmail com>
Date: Sat, 17 Jul 2010 15:01:38 +0530
Topic: a) Sikkim Manipal University portal is vulnerable to SQL Injection attack. b) Calcutta University website is spreading malware via iframe code insertion. Details: a) About the university: Sikkim Manipal is one of the largest private University in India. The Institute attracts students from all over the country, with over 1700 students enrolled in the various engineering disciplines. 102 full-time faculties are employed. Type of problem: SQL Injection Vulnerable Portal: http://portal.smude.edu.in/ User Name: *sanjay* [any name will work] Password: *' OR ''=' *Choose "*Center Login*" radio button Press SUBMIT. Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/SM.JPG Effect: You have access to the main admin panel. Option to download & print ALL student records, contact information, admit cards for upcoming examinations, assignments, results, etc. Option to change password. Credit: Pradip Sharma, Surajit Biswas, Sandeep Sengupta; Cyber Security Research Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com b) Calcutta University is the oldest existing University in Indian Subcontinent. Founded 1857, it is ranked 39th in the world. Vulnerability: The main page is spreading virus. www.caluniv.ac.in It has iframe code injection & pulling virus from the Russian site pantscow.ru Hundreds will be infected while checking for results on the website. Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/CU.JPG Credit: Arnab Kanti Choudhury, Sandeep Sengupta; Cyber Security Research Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com Disclaimer: The above information has been published with intention that the concerned authorities will take notice & amend the bugs. People are requested not to use the above information for illegal actions. We take no responsibility of the consequences. Thanks. Cyber Security Research Team iSolution Software Systems Pvt. Ltd. www.isolutionindia.com* Mob: +91 9830310550 *
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Two biggest Indian University Websites are vulnerable Sandeep Sengupta (Jul 17)
- Re: Two biggest Indian University Websites are vulnerable Shreyas Zare (Jul 17)
- Re: Two biggest Indian University Websites are vulnerable Benji (Jul 17)
- Re: Two biggest Indian University Websites are vulnerable Sandeep Sengupta (Jul 17)
- Re: Two biggest Indian University Websites are vulnerable Benji (Jul 17)
- Re: Two biggest Indian University Websites are vulnerable Valdis . Kletnieks (Jul 17)
- Re: Two biggest Indian University Websites are vulnerable Jeffrey Walton (Jul 17)
- Message not available
- Re: Two biggest Indian University Websites are vulnerable Sandeep Sengupta (Jul 21)
- Re: Two biggest Indian University Websites are vulnerable Shreyas Zare (Jul 17)