Full Disclosure mailing list archives
Calcuttatelephones.com Database Disclosure, BSNL- Dotsoft (Super Admin) Auth Bypass Vulnerability
From: Pradip Sharma <p.sharma () e-secure-it com>
Date: Sat, 2 Jul 2011 10:04:09 +0530
Calcuttatelephones.com Database Disclosure, Directory Listing http://www.calcuttatelephones.com <http://www.calcuttatelephones.com/jto/> Demo: http://www.flickr.com/photos/64621175@N03/5885441132/in/photostream/ Database containing 2600 plus records. phpMyAdmin SQL Dump version 2.5.7-pl1http://www.phpmyadmin.net Host: localhost Server version: 4.0.26 PHP Version: 4.2.0 Database : `bsnl` ------------------------------------------------------- Table structure for table `jtoresult` DROP TABLE IF EXISTS `jtoresult`; CREATE TABLE `jtoresult` ( `roll_no` varchar(40) NOT NULL default '', `circle_appear` varchar(60) NOT NULL default '', `name` varchar(150) NOT NULL default '', `community` varchar(50) NOT NULL default '', `ph_status` varchar(20) NOT NULL default '', `merit` varchar(20) NOT NULL default '', `circle_code` varchar(10) NOT NULL default '', PRIMARY KEY (`roll_no`) ) TYPE=MyISAM; BSNL- Dotsoft (Super Admin) Auth Bypass Vulnerability Profile: *Dotsoft* is an in-house developed software, integrating the Commercial Activities, Telecom Billing & Accounting, FRS and Directory Enquiry. It has been implemented in *171* SSAs (Districts) across the country. Company URL: http://dotsoft.bsnl.co.in/ SUPER ADMIN LOGON: http://dotsoft.bsnl.co.in/helpdesk/admin.asp Demo: http://www.flickr.com/photos/64621175@N03/5884121702/in/photostream http://www.flickr.com/photos/64621175@N03/5883556231/in/photostream Pradip Sharma Cyber Security Research Analysts, iSolution Software Systems Pvt. Ltd.www.isolutionindia.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Calcuttatelephones.com Database Disclosure, BSNL- Dotsoft (Super Admin) Auth Bypass Vulnerability Pradip Sharma (Jul 01)