Monday, December 19, 2011

How Dhoni,Priyanka and Preity was Hacked:(An Exclusive Research)

Hello World,I hope you all are fine J.
Ahhhh I know its almost a week,I didn’t updated this blog.But d reason was li’l hectic schedule and my lazyness…really I’m sooo lazy….
But yes, in meantime I was also looking for a good article for you guys.
And here’s the results.Yuppp….Today I am here with a wonderful article and I’m sure you’ll love this one.
Some time ago you might heard that our great, young  cricketer and Indian Cricket team Captain M.S.Dhoni was disturbed bcz his blog was hacked by anonymous hacker.Now recall your mind again and think is it only celebrity whose site was being hacked???
And the answer is big NO.Their are many famous Faces in the list.Preity Zinta and Miss World Priyanka Chopra are also victim.
Yes,I’m telling the truth.And today I’ll tell you all the vulnerability in their sites.

It was a cool website with a heavy flash on the home page .
Have a look at it.

The website is coded in . So I went out to check for the escape character flaw in the database and foud that the server threw error which clearly reports that it is not configured to render such escape symbols. This makes the website an easy target for sql injection attack.

this screenshot is of the error message thrown by the server.

So the database had a big flaw in it . i then tried out several sql injection strings to find out i f it works and as expected , i was logged in with some id named as "prathapivs" .

Then I came to my favorite "Piggy Chops" , priyanka Chopra's website .
Here the security was far better than that of Dhoni's . Atleast the most common flaws were fixed .
Here I used the Crome's sandbox to find a small security flaw in the source code of the website which is enough to bypass the authentication measures of the website .
In the following snapshot see the code at the bottom which shows the sandbox inspecting the different elements of the main page.

A similar type of flaw was also existing in Priety Zinta's website too .
The website is even not properly designed to make a proper valid authentication for the users .
The website had a simple implimentation of jsp and was filled with several flaws like apache server flaws etc .
The validation script was throwing exceptions each time you log.

Upon injecting scape character strings in the login form the website was behaving in a wired manner and showed a misconfigured page with an error message .
It was not at all difficult from that point to break into the website and gain authenticated privilage .
See the snapshots . When i tried to login with some random user id and password then i got an error message that the user doesnot exist .
But when i tried to inject strings into the login form then although it didnot log me in but it took me to a page that can easily be compromized.

This is our security about our personal life.
Here you all have seen hoe insecure we are today.The need of cyber security is in demand and one must be aware of his/here privacy because there are many hungry evils eyes are following us and one don’t know when he/she become victims.

So be Alert…be Aware…be Active…

Hope you like the efforts.

If you have any query feel free to ask.




Post a Comment

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Web Hosting Bluehost