[Owasp-delhi] ISACA Mumbai SQL Injection
puneet.mehta at sdgc.com
Sun Sep 20 13:46:08 EDT 2009
I will take this up with the ISACA Mumbai chapter board. Thanks for bringing this up.
From: owasp-delhi-bounces at lists.owasp.org
To: amar wakharkar
Cc: owasp-delhi at lists.owasp.org
Sent: Sun Sep 20 22:47:22 2009
Subject: Re: [Owasp-delhi] ISACA Mumbai SQL Injection
Thanks Amar, there are many ISACA members on this list (including Puneet) who should help ISACA fix this problem.
By the way, the existence of such a common security problem in the website of ISACA made me curious to dig a bit further in terms of soft investigation (not exploitation ;-)). Their website footer contains "Powered By : www.mahalasainfo.com <http://www.mahalasainfo.com>", which reveals "Security challenges while outsourcing". I am sure by now the trick must be known to everyone. Make a quick Google search to see which websites are (so-called) powered by that domain and you will find every website is vulnerable to SQL injection; there are over 20. I am too lazy to find the right contact and report to those companies that their websites are vulnerable. If any company is known to members around here, then please help them by reporting the vulnerability.
amar wakharkar wrote:
Just found something interesting on the ISACA Mumbai website and, as per the recommendation of Dhruv, sharing it with all.
Look at the screenshots.