Re: vsworld.com - SQL Injection Vulnerability
From: "Rakesh Nagekar" <nagekar.rakesh () gmail com>
Date: Thu, 20 Jan 2011 07:18:25 +0100 (CET)
Good to know that isolution members find the vulnerabilities in most of the websites. Great India.
But sorry to say that their own websites related to http://www.isolutionindia.com/ are more vulnerable.
Can you please check it once?
---------- Forwarded message ----------
From: Rakesh Nagekar <nagekar.rakesh () gmail com>
Date: Wed, Jan 19, 2011 at 5:04 PM
Subject: vsworld.com - SQL Injection Vulnerability
To: full-disclosure () lists grok org uk
vsworld - SQL Injection Vulnerability
Developing solutions for areas as diverse as technology, trading, power, travel, education and retail. In addition,
regularly called upon to cater to the requirements of prestigious Government Bodies. Various prestigious clients are in
Vulnerability Type : SQL Injection
http://www.vsworld.com/index.php =>VSM Login
User Name: NIL
Password: ' or '1'='1
Now, login to the Control Panel.
Effect: You have access to the main admin panel. Option to View, delete & update
all client records, contact information, Email ids etc.
All employees' personal information, contact no, address, mail ids etc, and their login credentials and passwords are visible.
Pwd : -------
passwords are not mentioned here for security reasons.
As the vulnerability is of the most common type, it was notified to the vendor and he has applied a fix.
Credit: Pradip Sharma, Sandeep Sengupta
Cyber Security Research Analysts, iSolution Software Systems Pvt. Ltd. www.isolutionindia.com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
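The advisory above does not show the site's code or the vendor's fix. The following is an added example, not part of the original post and not the vendor's code, showing why a login query built by string concatenation accepts the quoted input and how a bound parameter plus hashed password storage rejects it. The table schema, function names and the sample account are constructed assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example


def make_db():
    """Constructed in-memory user table (hypothetical schema and account)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, "
               "salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"S3cret!", salt, ITERATIONS)
    # The plaintext column exists only so the vulnerable variant can run.
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", "S3cret!", salt, pw_hash))
    return db


def login_concatenated(db, name, password):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    # With the advisory's password the WHERE clause parses as
    # (name = ... AND password = '') OR ('1'='1'), which is true for every row.
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, name, password):
    """Hardened: input is bound as data; only a salted hash is compared."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    db = make_db()
    quoted = "' or '1'='1"  # password value given in the advisory
    print("concatenated query accepts it:", login_concatenated(db, "NIL", quoted))
    print("parameterized query accepts it:", login_parameterized(db, "NIL", quoted))
    print("correct password still works:", login_parameterized(db, "admin", "S3cret!"))
```

Storing only `salt` and `pw_hash` also addresses the advisory's second finding, that employee passwords were readable from the admin panel.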