M S Dhoni Website hacked – Mahi’s site Vulnerable to SQL injections

Well.. it seems that as Mr Dhoni prepares himself for his wedding, in the meantime, his website is found to be quite vulnerable to SQL injections.

Mahi ? you too ? - theprohack.com

The website, created in Microsoft .NET, is an easy bait to compromise when it comes to SQL injections. I earlier blogged about hackable government and educational websites and emphasized how computer security is virtually nil in the Indian web scenario. And the thing keeps on going. I tried to contact the website creators, but their own website was down at the moment. sheesh..

Disclaimer -

I HAVE NOT HACKED ANY OF THE SITES AND THE DATABASE, JUST TESTED THEM FOR VULNERABILITIES. I TESTED THEM AND FOUND ERRORS WHICH MAY/MAY NOT BE DISCLOSED HERE AND IN NO WAY ANY ONE CAN SUE ME FOR THIS AS I DID AND MEANT NO HARM TO THE DATA OF CONCERNED ORGANIZATIONS. BY READING THIS ARTICLE YOU AGREE WITH THE DISCLAIMER.

IF YOU AGREE WITH THIS AGREEMENT, CONTINUE READING ELSE IMMEDIATELY LEAVE THIS WEBSITE.

Here you go

Main Page - theprohack.com

I opened up MS Dhoni’s website

Login panel - theprohack.com 

Got into the login panel

Debugging enabled... - theprohack.com

Inserted a sample SQL query to check if .NET debugging was enabled or not, and by God it was enabled. What in God’s name were they thinking?

And I am In - theprohack.com

Inserted a simple SQL string and was logged in as “tushar31128”. Easy as pie.. and I didn't even probe for more than 3 minutes. sheesh..

I tried to contact the devs - theprohack.com

I later tried to contact the devs to solve the vulnerability but..

The Devs were down too - theprohack.com

It seems..they are down too…

What I want to prove here is not that it's easily hackable.. I want to prove that any person with far better capabilities than mine can trash the website. I didn't even gain access to the admin panel (never tried for it) but I guess I'm able to prove my point. I guess Mr Dhoni will go for an overhaul of the website once he is back. I'm an eager fan of the renowned cricketer anyways.

 

See you next mission.


Posted by XERO. ALL RIGHTS RESERVED.

1 comment:

  1. saurav MANDHOTRA, May 2, 2011 at 4:50 PM

    hahahaah some local had built MS Dhoni's website, clearly providing you the error with the line no. and syntax too, damn noob creator

