Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Sikkim Manipal University / Calcutta University Vulnerabilities

🗓️ 18 Jul 2010 00:00:00Reported by Cyber Security Research TeamType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 40 Views

Sikkim Manipal University and Calcutta University facing vulnerabilities to SQL Injection and malware spreading through iframe code insertio

Code
`Topic:  
  
a) Sikkim Manipal University portal is vulnerable to SQL Injection attack.  
b) Calcutta University website is spreading malware via iframe code  
insertion.  
  
Details:  
  
a) About the university: Sikkim Manipal is one of the largest private  
University in India. The Institute attracts students from all over the  
country, with over 1700 students enrolled in the various engineering  
disciplines. 102 full-time faculties are employed.  
  
Type of problem: SQL Injection  
  
Vulnerable Portal: http://portal.smude.edu.in/  
  
User Name: *sanjay*  
[any name will work]  
Password: *' OR ''='  
*Choose "*Center Login*" radio button  
Press SUBMIT.  
  
Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/SM.JPG  
  
Effect: You have access to the main admin panel. Option to download & print  
ALL student records, contact information, admit cards for upcoming  
examinations, assignments, results, etc. Option to change password.  
  
Credit: Pradip Sharma, Surajit Biswas, Sandeep Sengupta; Cyber Security  
Research Analysts, iSolution Software Systems Pvt. Ltd.,  
www.isolutionindia.com  
  
b) Calcutta University is the oldest existing University in Indian  
Subcontinent. Founded 1857, it is ranked 39th in the world.  
  
Vulnerability: The main page is spreading virus. www.caluniv.ac.in  
It has iframe code injection & pulling virus from the Russian site  
pantscow.ru  
Hundreds will be infected while checking for results on the website.  
  
Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/CU.JPG  
  
Credit: Arnab Kanti Choudhury, Sandeep Sengupta; Cyber Security Research  
Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com  
  
Disclaimer: The above information has been published with intention that the  
concerned authorities will take notice & amend the bugs. People are  
requested not to use the above information for illegal actions. We take no  
responsibility of the consequences.  
  
Thanks.  
  
Cyber Security Research Team  
iSolution Software Systems Pvt. Ltd.  
www.isolutionindia.com*  
Mob: +91 9830310550  
*  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Jul 2010 00:00Current
0.3Low risk
Vulners AI Score0.3
sikkim manipal universitycalcutta universitysql injectionmalwareiframe codeindiarussian siteviruscybersecurityisolution software systems pv.t ltd.
40