12:49 AM
Unknown
SQL injection discovered by Hussain , on Madurai Kamraj University site , this allow the user to see the results of all students without specifying a register number .
POC:
1. link : http://www.mkuniversity.org/results_new.php
2. Select any course , instead of register number copy and paste this code and press get results button .
3.You can see results of all student without requiring a register number , this works on similar site , to bypass authentication.
this injection can be also used to insert malicious sql command which can delete all the marks of the student from the database . :(
Enjoy .
Posted in: 
Popular Posts
-
Tor anonymizing network Compromised by French researchers French researchers from ESIEA , a French engineering school, have found and ex... -
Dennis Ritchie known as the co-creator of C and Unix has died at the age of 70 . Having created arguably the best OS which has spawned bette... -
A zip bomb , also known as a Zip of Death or decompression bomb , is a malicious archive file designed to crash or render useless the pr...
-
Email spoofing is a term used to describe e-mail activity in which the sender address and other parts of the e-mail are altered and this is... -
After failing to capture the hearts or rather the pockets of people with the S40 and facing severe attrition , Nokia is reintroducing Linux(... -
fake sms is a method in which u can change ur sender id , ie u can use any number as sender number in the message sent by u , u can make p...
-
Hi viewers , I wish u introduce Email bomber , it is a software/tool which can be used to send 100's of email to any email account usi...
-
Hi guys i made this new application called way2sms sender client , written in java , through which you can send sms from your desktop to yo...
-
Its all over the news.HP is closing down its WebOS division and is pulling the plug on its Touchpad and other WebOS devices.The Palm Pre ... -
Blue tooth is a device used for effective transmission of data at low power at the same with reasonable speed . Each Bluetooth device has i...
0 comments:
Post a Comment