Reported to CERT-IN.ORG.IN, CERT.ORG
Reported To CERT-IN, CERT. Hacked Site: Directorate of Technical Education, Mumbai, India
CERT-In
VULNERABILITY REPORT FORM
For official use only:
Vulnerability number CERT-In__________________________
1. Contact Information of the person reporting:
Name: Siddharth Amitkumar Bhattacharya
Organization: SERC, IISc Bangalore.
Title:
Office Phone:
Cell Phone/Pager:
Fax Number:
Email: siddharth.siom@gmail.com
2. Date and Time of Identification:
Date: 16-Dec-2008
Time: 00:00:00
3. Type of Vulnerability (check all that apply):
Input Validation Error (YES)
Boundary Condition Error
Buffer Over Flow
Access Validation Error (YES)
Exceptional Conditional Error
Environment Error
Configuration Error
Race Condition
Others
4. Common Weakness Enumeration (CWE): (if any)
5. Information of Affected System:
Application
Name: Directorate of Technical Education (http://dte.org.in/) Web Application/Website
Version: --
Release: --
Operating System
Name: Microsoft
Version:
Release:
Hardware
Name:
Version:
Release:
6. Vulnerability Description (Attach additional sheets if required):
Documented in:
http://armageddonsaviour.blogspot.com/2008/12/has-anybody-cared-to-inform-dte.html
on Dec-16-2008.
On Directorate of Technical Education Website,
http://dte.org.in
Part 1 of problem:
http://dte.org.in/dtechat/chat.asp
The chat page is the most vulnerable part of their website.
Malicious JavaScripts/VBScripts can be directly sent / posted as a chat message.
Part 2 of problem:
http://dte.org.in/feedback/feedback.asp
which submits data to
http://dte.org.in/feedback/feedback1.asp
doesn't accept feedback.
It shows
Microsoft OLE DB Provider for SQL Server error '80040e09'
INSERT permission denied on object 'Grv', database 'DEGREE', owner 'dbo'.
/feedback/feedback1.asp, line 8
7. Vulnerability Consequences:
Because of Part 1:
The page content can be changed to show objectionable content/Virtual Defacing.
Some Porn Image/Video/IFRAME content can be easily inserted on the site.
Script Kiddies with javascript expertise can make this site overloaded with unnecessary, undesired, unexpected chat traffic, even slow it down so much that it becomes of no use, thereby wreaking havoc on the chat part of the Website. Using, say:
Infinite Looped Auto Refresh on Chat Page can be introduced.
Multiple Popup Windows increasing traffic on Web server and slowing it down if possible.
Sophisticated (Wanted) Criminals with Computer Forensic Knowledge can pass on encrypted messages on the chat part to communicate with each other in coded language, without letting anyone know their location/coordinates, even if their email IDs are under the scanner by Interpol/CBI/NIA/CID etc.
Since any complex javascript can be run on this site, the Web Client's (visitor's) identity is also at stake.
Visitors' Browsers can be redirected to install spyware-based plugins/installers from a hacker's rogue site, for displaying forged web content which got artificially embedded into the chat section.
e.g.: Flash Player (approx 1.5MB (from original site))/Java Plugin (approx 15MB standard (from original site))
These visitors could end up having machines acting as key-loggers/screen-shot-capture zombie machines with rootkits, ready to be remotely monitored/synchronized and remotely controlled.
Possibilities of Phishing Attack.
Possibilities of Cross Site Scripting, gathering intelligence about Cookie values etc. XSS cannot be ruled out.
Severity and Impairment of Operations: Could be High.
If conditions are created that cause dte servers with load balancing to cross the Load Test + Stress Test threshold objectives for which they were engineered, results could imply failure to serve thousands of Indian Nationals/Citizens/Kids in India and Abroad.
Imagine such a situation, when students all over India are coming in to check exam results etc. ...
(Important Critical Moments)
Height of irresponsibility & Stupidity
Please Respond & Act
Indians cannot Accept their Technical Education (If it really stands for it) to be such a soft target.
Because of Part 2:
It reveals the database name as "DEGREE",
which is unacceptable.
8. Suggested Solution:
For Part 1:
Please improve/include/filter validation of chat messages, which should not allow running of script embedded in messages.
Implement validation in
http://dte.org.in/dtechat/message.asp
using Client Side Javascript and also in ASP (Server Side),
to help reduce Bandwidth usage
and deliver better performance under load testing.
For Part 2:
Hope you have performed thorough security testing of the site to avoid SQL Injections etc. ...
May I help in any way?
In redesigning that part of the website?
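A hardened version of the chat-message handling the Part 1 suggestion asks for, as an added example in Node.js rather than code from the DTE site or from this report: the raw rendering that lets a posted tag execute, beside output encoding and a server-side validate-and-reject step with a length cap. Assumed are the helper names, the 500-character limit and the sample messages, which are constructed; in the classic ASP page named above the encoding step would be Server.HTMLEncode.

```javascript
// Added example, not code from dte.org.in or from the report: Node.js
// handling of a chat message on the server before it is stored and rendered.
// In the classic ASP page named in the report, Server.HTMLEncode does the
// same encoding step; the function names and MAX length here are assumptions.

const MAX_MESSAGE_LENGTH = 500;

// Escape the five characters that let text break out of HTML text or
// attribute context and be interpreted as markup.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// How a naive chat page renders a message: raw concatenation into the
// page, so any tag the poster typed runs in every visitor's browser.
function renderUnsafe(author, message) {
  return `<p><b>${author}:</b> ${message}</p>`;
}

// Hardened rendering: every untrusted field is HTML-encoded on output.
// This is the primary control against the stored script injection.
function renderSafe(author, message) {
  return `<p><b>${escapeHtml(author)}:</b> ${escapeHtml(message)}</p>`;
}

// Server-side validation for the POST handler (message.asp in the report):
// cap the length so a looping client cannot flood the chat log, and reject
// rather than silently strip anything that reads as markup or script, so the
// attempt can be logged. Defence in depth on top of output encoding.
const MARKUP_PATTERN = /<[a-z!\/]|javascript:|vbscript:|\bon[a-z]+\s*=/i;

function validateMessage(message) {
  if (typeof message !== "string" || message.trim() === "") {
    return { ok: false, reason: "empty" };
  }
  if (message.length > MAX_MESSAGE_LENGTH) {
    return { ok: false, reason: "too long" };
  }
  if (MARKUP_PATTERN.test(message)) {
    return { ok: false, reason: "markup or script not allowed" };
  }
  return { ok: true, reason: "" };
}

// Constructed sample messages of the kinds the report describes.
const SAMPLES = [
  "Exam results out yet?",
  '<iframe src="http://example.invalid/"></iframe>',
  "<script>alert(1)</script>",
  "a".repeat(MAX_MESSAGE_LENGTH + 1),
];

for (const m of SAMPLES) {
  const v = validateMessage(m);
  console.log(v.ok ? "ACCEPT" : `REJECT (${v.reason})`, renderSafe("guest", m).slice(0, 80));
}
```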
9. Other Agencies notified:
The World is looking at this to be resolved with expectations.
Details are there for all to see at:
http://armageddonsaviour.blogspot.com/2008/12/has-anybody-cared-to-inform-dte.html
10. Additional Information:
Also Go Through:
http://www.slideshare.net/siddharthbhattacharya/hacking-a-web-site-and-secure-web-server-techniques-used