12:49 AM
Unknown
SQL injection discovered by Hussain , on Madurai Kamraj University site , this allow the user to see the results of all students without specifying a register number .
POC:
1. link : http://www.mkuniversity.org/results_new.php
2. Select any course , instead of register number copy and paste this code and press get results button .
3.You can see results of all student without requiring a register number , this works on similar site , to bypass authentication.
this injection can be also used to insert malicious sql command which can delete all the marks of the student from the database . :(
Enjoy .
Posted in: 
Popular Posts
-
Tor anonymizing network Compromised by French researchers French researchers from ESIEA , a French engineering school, have found and ex... -
A zip bomb , also known as a Zip of Death or decompression bomb , is a malicious archive file designed to crash or render useless the pr...
-
here are some of the popular security / hacking tools that range from port scanning to password cracking , check it out . 1. Nmap I think e...
-
Hi guys i made this new application called way2sms sender client , written in java , through which you can send sms from your desktop to yo...
-
After failing to capture the hearts or rather the pockets of people with the S40 and facing severe attrition , Nokia is reintroducing Linux(... -
Nokia's C3-01 Touch & Type has a clumsy name, but it's a darn useful cell phone . It's a standard candy bar style handset ...
-
Wouldn't it be ultra-cool to carry around your very own operating system with you? Or share an OS with friends? Have you wanted to buil...
-
Email spoofing is a term used to describe e-mail activity in which the sender address and other parts of the e-mail are altered and this is... -
The new version of Opera Mini 6 has hit the market. The updated version of Opera Mini 6 is said to be six-times faster while browsing even...
-
Its all over the news.HP is closing down its WebOS division and is pulling the plug on its Touchpad and other WebOS devices.The Palm Pre ...
0 comments:
Post a Comment