Well.. it seems that as Mr Dhoni prepares himself for his wedding, in the meantime his website is found to be quite vulnerable to SQL injection. The website, created in Microsoft .NET, is easy bait to compromise when it comes to SQL injection. I earlier blogged about hackable government and educational websites and emphasized how computer security is virtually nil in the Indian web scenario. And the thing keeps on going. I tried to contact the website creators, but their own website was down at the moment. Sheesh..
Disclaimer -
I HAVE NOT HACKED ANY OF THE SITES OR THE DATABASE, JUST TESTED THEM FOR VULNERABILITIES. I TESTED THEM AND FOUND ERRORS WHICH MAY/MAY NOT BE DISCLOSED HERE, AND IN NO WAY CAN ANYONE SUE ME FOR THIS, AS I DID AND MEANT NO HARM TO THE DATA OF THE CONCERNED ORGANIZATIONS. BY READING THIS ARTICLE YOU AGREE WITH THE DISCLAIMER.
IF YOU AGREE WITH THIS AGREEMENT, CONTINUE READING, ELSE IMMEDIATELY LEAVE THIS WEBSITE.
Here you go
I opened up MS Dhoni’s website
Got into the login panel
Inserted a sample SQL query to check if .NET debugging was enabled or not, and by God it was enabled. What in God’s name were they thinking?
Inserted a simple SQL string and was logged in as “tushar31128”. Easy as pie.. and I didn’t even probe for more than 3 minutes. Sheesh..
I later tried to contact the devs to solve the vulnerability but..
It seems.. they are down too…
What I want to prove here is not that it’s easily hackable.. I want to prove that any person with far better capabilities than mine can trash the website. I didn’t even gain access to the admin panel (never tried for it) but I guess I’m able to prove my point. I guess Mr Dhoni will go for an overhaul of the website once he is back. I’m an eager fan of the renowned cricketer anyways.
See you next mission.
Posted by XERO. ALL RIGHTS RESERVED.
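The two weaknesses this post reports (a login form open to SQL injection, and database errors shown to the visitor) next to their fix, as an added example that is not code from the post or from the site. It uses Python with an in-memory SQLite table as a stand-in for the site's .NET stack; every name and the sample account are constructed.

```python
import hashlib
import hmac
import logging
import sqlite3

GENERIC = "Invalid username or password"

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """In-memory user table with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, hash_pw("correct horse", salt)))
    return db

def check(row, password):
    """Constant-time comparison of the stored hash with the supplied password."""
    return row is not None and hmac.compare_digest(row[1], hash_pw(password, row[0]))

def login_weak(db, name, password):
    """Weak: input is spliced into the SQL text and raw errors reach the user."""
    sql = "SELECT salt, pw_hash FROM users WHERE name = '" + name + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Debug-style output: the visitor sees the parser error and the query.
        return False, f"{exc} in: {sql}"
    return (True, name) if check(row, password) else (False, GENERIC)

def login_safe(db, name, password):
    """Hardened: bound parameter, details logged server-side, generic reply."""
    try:
        row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                         (name,)).fetchone()
    except sqlite3.Error:
        logging.exception("login query failed")
        return False, GENERIC
    return (True, name) if check(row, password) else (False, GENERIC)

if __name__ == "__main__":
    db = make_db()
    # A legitimate name containing an apostrophe is enough to show the difference.
    for fn in (login_weak, login_safe):
        print(fn.__name__, fn(db, "o'brien", "x"))
```

With the bound parameter the apostrophe is treated as data, so the hardened handler returns the same generic message for an unknown user, a wrong password, and a database fault.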
hahahaah some local had built MS Dhoni website, clearly providing you the error with the line no. and syntax too, damn noob creator