IncredibleIndia.org has a security hole.

I reported the matter to the administrator of the website in the first week of April 2006 but they took no action. I released a security advisory describing the issue on 16 April 2006. The security hole is an SQL injection vulnerability present in a certain page of the website that allows an attacker to probe their database and drop tables.

It's said that one should never assume a website to be too insignificant to get the attention of attackers. An attack of this kind is not a matter of whether it will happen but when it will happen.

IncredibleIndia.org was attacked twice today but the site recovered both the times. Perhaps the administrator recovered the dropped tables from the backup. But I don't know whether the administrator is aware of the fact that the tables are being dropped by attackers.

No comments

Post a comment

RSS