Sikkim Manipal University / Calcutta University Vulnerabilities

2010-07-18T00:00:00
ID PACKETSTORM:91950
Type packetstorm
Reporter Cyber Security Research Team
Modified 2010-07-18T00:00:00

Description

                                        
                                            `Topic:  
  
a) Sikkim Manipal University portal is vulnerable to SQL Injection attack.  
b) Calcutta University website is spreading malware via iframe code  
insertion.  
  
Details:  
  
a) About the university: Sikkim Manipal is one of the largest private  
University in India. The Institute attracts students from all over the  
country, with over 1700 students enrolled in the various engineering  
disciplines. 102 full-time faculties are employed.  
  
Type of problem: SQL Injection  
  
Vulnerable Portal: http://portal.smude.edu.in/  
  
User Name: *sanjay*  
[any name will work]  
Password: *' OR ''='  
*Choose "*Center Login*" radio button  
Press SUBMIT.  
  
Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/SM.JPG  
  
Effect: You have access to the main admin panel. Option to download & print  
ALL student records, contact information, admit cards for upcoming  
examinations, assignments, results, etc. Option to change password.  
  
Credit: Pradip Sharma, Surajit Biswas, Sandeep Sengupta; Cyber Security  
Research Analysts, iSolution Software Systems Pvt. Ltd.,  
www.isolutionindia.com  
  
b) Calcutta University is the oldest existing University in Indian  
Subcontinent. Founded 1857, it is ranked 39th in the world.  
  
Vulnerability: The main page is spreading virus. www.caluniv.ac.in  
It has iframe code injection & pulling virus from the Russian site  
pantscow.ru  
Hundreds will be infected while checking for results on the website.  
  
Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/CU.JPG  
  
Credit: Arnab Kanti Choudhury, Sandeep Sengupta; Cyber Security Research  
Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com  
  
Disclaimer: The above information has been published with intention that the  
concerned authorities will take notice & amend the bugs. People are  
requested not to use the above information for illegal actions. We take no  
responsibility of the consequences.  
  
Thanks.  
  
Cyber Security Research Team  
iSolution Software Systems Pvt. Ltd.  
www.isolutionindia.com*  
Mob: +91 9830310550  
*  
`