vsworld.com - SQL Injection Vulnerability
From: Pradip Sharma <sharma.pradip () gmail com>
Date: Wed, 19 Jan 2011 17:04:36 +0530
vsworld - SQL Injection Vulnerability
Developing solutions for areas as diverse as technology, trading, power,
travel, education and retail. In addition, regularly called upon to cater to
the requirements of prestigious Government Bodies. Various prestigious
clients are in Client list.
Vulnerability Type : SQL Injection
http://www.vsworld.com/index.php =>VSM Login
User Name: NIL
Password: ' or '1'='1
Now, login to the Control Panel.
Effect: You have access to the main admin panel. Option to View, delete &
all client records, contact information, Email ids etc.
All employees' personal information, contact no., address, mail IDs etc., and their
login credentials and passwords are visible.
Pwd : -------
Passwords are not mentioned here for security reasons.
As the vulnerability is of the most common type, the vendor was notified and
has applied a fix.
Credit: Pradip Sharma, Sandeep Sengupta
Cyber Security Research Analysts, iSolution Software Systems Pvt. Ltd.