Re: Two biggest Indian University Websites are vulnerable

[Benji <me () b3nji com>]

I also like how you credited 2 people for what was effectively Firefox
telling you a website was unsafe, and 3 people for a login SQL.

On Sat, Jul 17, 2010 at 12:47 PM, Shreyas Zare <shreyas () secfence com> wrote:
> Hi,
>
> Considering the fact you didn't inform the concern authority at both
> the universities (before disclosing publicly), are you not breaking
> Indian IT Act by doing such type of public disclosure [1]? IANAL but
> if you (someone else on list) have something to say about this point
> it would be cool.
>
> [1] IT Act 2000, Chapter 9, 43 (G) (
> http://www.cybercellmumbai.com/cyber-laws/chapter-9 )
>
> Regards
>
> Shreyas Zare
>
> Sr. Information Security Researcher
> Secfence Technologies
> www.secfence.com
>
>
> On Sat, Jul 17, 2010 at 3:01 PM, Sandeep Sengupta
> <sandeep.sengupta () gmail com> wrote:
> > Topic:
> >
> > a) Sikkim Manipal University portal is vulnerable to SQL Injection attack.
> > b) Calcutta University website is spreading malware via iframe code
> > insertion.
> >
> > Details:
> >
> > a) About the university: Sikkim Manipal is one of the largest private
> > University in India. The Institute attracts students from all over the
> > country, with over 1700 students enrolled in the various engineering
> > disciplines. 102 full-time faculties are employed.
> >
> > Type of problem: SQL Injection
> >
> > Vulnerable Portal: http://portal.smude.edu.in/
> >
> > User Name: sanjay
> > [any name will work]
> > Password: ' OR ''='
> > Choose "Center Login" radio button
> > Press SUBMIT.
> >
> > Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/SM.JPG
> >
> > Effect: You have access to the main admin panel. Option to download & print
> > ALL student records, contact information, admit cards for upcoming
> > examinations, assignments, results, etc. Option to change password.
> >
> > Credit: Pradip Sharma, Surajit Biswas, Sandeep Sengupta; Cyber Security
> > Research Analysts, iSolution Software Systems Pvt. Ltd.,
> > www.isolutionindia.com
> >
> > b) Calcutta University is the oldest existing University in Indian
> > Subcontinent. Founded 1857, it is ranked 39th in the world.
> >
> > Vulnerability: The main page is spreading virus. www.caluniv.ac.in
> > It has iframe code injection & pulling virus from the Russian site
> > pantscow.ru
> > Hundreds will be infected while checking for results on the website.
> >
> > Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/CU.JPG
> >
> > Credit: Arnab Kanti Choudhury, Sandeep Sengupta; Cyber Security Research
> > Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com
> >
> > Disclaimer: The above information has been published with intention that the
> > concerned authorities will take notice & amend the bugs. People are
> > requested not to use the above information for illegal actions. We take no
> > responsibility of the consequences.
> >
> > Thanks.
> >
> > Cyber Security Research Team
> > iSolution Software Systems Pvt. Ltd.
> > www.isolutionindia.com
> > Mob: +91 9830310550
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/