
Sunday, February 10, 2013

Bollywood Actress Divya Dutta website vulnerable to critical vulnerabilities




Ravi Kariya, a security analyst from Cyber Octet Pvt. Ltd (facebook.com/cyberoctet), has discovered critical vulnerabilities in the official website (divyadutta.co.in) of the famous Indian actress Divya Dutta.

There are two SQL injection vulnerabilities in the website. One of them resides in the Press Clips page of the site (divyadutta.co.in/pressclipdetail.asp?id=7). A malicious hacker can exploit this vulnerability to extract the database.
The other is more critical: it allows hackers to bypass authentication on the login page. A malicious hacker can log in to the website as admin (divyadutta.co.in/admin/) by injecting a crafted password that modifies the SQL query so that the login succeeds.

There is also a cross-site scripting vulnerability in the contact us page (divyadutta.co.in/contact.asp). Injecting the following code into the fields and clicking the submit button executes the injected code:

"><script>alert('My Love For Divya Dutta')</script>
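The three flaws above share one cause: request input is spliced into SQL or HTML as if it were code. The sketch below is an added example, not code from the site or from the original post; it shows the hardened form of each handler in Python with sqlite3 standing in for the site's ASP backend, and the schema, rows, passphrase and function names are all constructed assumptions.

```python
import hashlib, hmac, html, os, sqlite3

def _hash(password, salt):
    # Salted, slow password hash; the plain password is never stored or compared in SQL
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    """In-memory stand-in for the site's database (constructed schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE press_clips (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO press_clips VALUES (7, 'Constructed sample clip')")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, _hash("it's-a-constructed-passphrase", salt)))
    return db

def get_press_clip(db, raw_id):
    # Press clip page: the id must be a short run of ASCII digits, and even then
    # it reaches the database only as a bound parameter, never as query text.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None
    row = db.execute("SELECT title FROM press_clips WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return row[0] if row else None

def check_login(db, username, password):
    # Login: only the username is looked up, as a bound parameter. The password
    # never enters the SQL statement, so its content cannot alter the query.
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(_hash(password, row[0]), row[1])

def render_contact_field(value):
    # Contact form: encode the submitted value before echoing it into an HTML
    # attribute, so quotes and angle brackets render as text.
    return '<input name="name" value="{}">'.format(html.escape(value, quote=True))
```

With these handlers, a quote character in a password is ordinary data, and the string shown above is echoed back as inert text instead of markup.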
