[Owasp-delhi] ISACA Mumbai SQL Injection

Puneet Mehta puneet.mehta at sdgc.com
Sun Sep 20 13:46:08 EDT 2009 

I will take this up with ISACA Mumbai chapter board . Thanks for bringing this up . 

-Puneet 


________________________________

From: owasp-delhi-bounces at lists.owasp.org 
To: amar wakharkar 
Cc: owasp-delhi at lists.owasp.org 
Sent: Sun Sep 20 22:47:22 2009
Subject: Re: [Owasp-delhi] ISACA Mumbai SQL Injection 


Thanks Amar, there are many ISACA members on this list (Including Puneet) who should help ISACA fixing this problem.

By the way, existence of such common security problem in the website of ISACA made me curious to dig a bit further in terms of soft investigation (Not Exploitation ;-)). Their website footer contains "Powered By : www.mahalasainfo.com <http://www.mahalasainfo.com> ". Which reveals "Security challenges while outsourcing". I am sure by now, the trick must be known to everyone. Make a quick google search to see which websites are (so called) powered by that domain and you will find every website is vulnerable to SQL injection, there are over 20. I am too lazy to find the right contact and report those companies about their websites being vulnerable. If any company is known to members around here, then please help them by reporting the vulnerability.



amar wakharkar wrote: 

	Dear All,
	 
	Just Found something interesting on ISACA Mumbai WebSite and as per recommendation of Dhruv, Sharing it with all,
	 
	Look at the screenshots,
	 
	Regards,
	 
	Amar Wakharkar.
	
	
________________________________

	From the happening headlines to the juiciest gossip, get your daily update on MSN India Drag n' drop <http://in.msn.com> 
	
________________________________




	
	

________________________________



	
________________________________


	_______________________________________________
	Owasp-delhi mailing list
	Owasp-delhi at lists.owasp.org
	https://lists.owasp.org/mailman/listinfo/owasp-delhi
	  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20090920/f686c9d5/attachment.html

More information about the Owasp-delhi mailing list