
Intersection of interests.

I have had a severe sprain in my neck for around 3 days now and was looking for “something different” to do after I get well. Also I had been writing an article on the cross-site scripting framework for the college’s annual magazine (you will know where I am going with this soon). So as I was thinking it came to me that “watching theatre” could be the “something different”. I am as it is a huge fan of the plays organized by the NSD Repertory Company, and hence NSD was the first place I started looking for any upcoming shows. I am a lazy person and instead of calling the helpline preferred visiting the website. Just in case you didn’t know the website, it is http://nsd.gov.in . All right …um… NSD website + XSS article….. NSD website + XSS article….. NSD website + XSS article….. NSD website + XSS article….. NSD website + XSS article…. NSD website + XSS article.

EQUALS

XSS on NSD’s website :D


Here is the alumni’s section. :)

All right how did I find it. ?

So for obvious reasons (look at the URL: id=some integer), I thought there could be a possible SQLi vulnerability. Though I knew I had very little chance, I still pushed the URL into both Havij and sqlmap. Havij failed; however, sqlmap listed that a boolean-based blind could be executed in the format of 1=1, so for obvious reasons I tried a=a, which did not work… ah… then it finally came to me, and I executed ‘a’=’a’. Finally I replaced the ‘a’ with a script and tada! :D
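The weakness described above is an integer `id` parameter whose value is reflected into the page without validation or encoding, so quote characters and tags in the value become part of the HTML. The following is an added illustration (not code from nsd.gov.in or from this post) of the weak handler beside its hardened form, plus a small scanner that flags requests whose `id` is not a plain integer, a cheap detection rule for this kind of probing. The page template, the `/alumni` path and the access-log lines are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Added example, not the site's own code. The page template, path and
# log lines below are constructed for illustration.

PAGE = "<html><body><p>Alumni record: {value}</p></body></html>"
ID_PATTERN = re.compile(r"[0-9]{1,10}")


def render_unsafe(raw_id):
    """Weak form: the query-string value is dropped into the HTML unchanged,
    so quotes and tags in it become part of the page (reflected XSS)."""
    return PAGE.format(value=raw_id)


def validate_id(raw_id):
    """Return the id as an int if it is a plain integer string, else None.
    A record id has no business containing quotes, spaces or angle brackets."""
    if raw_id is None or not ID_PATTERN.fullmatch(raw_id):
        return None
    return int(raw_id)


def render_safe(raw_id):
    """Hardened form: validate first; if the value must be echoed back
    (here, in an error message) it is HTML-escaped, quotes included."""
    value = validate_id(raw_id)
    if value is None:
        return PAGE.format(
            value="invalid id: " + html.escape(str(raw_id), quote=True)
        )
    return PAGE.format(value=str(value))


# Constructed Apache-style access-log lines (documentation IP range, made-up
# timestamps). The last two carry URL-encoded quotes in the id parameter.
LOG_LINES = [
    '203.0.113.5 - - [01/Jan/2000:10:00:01 +0530] "GET /alumni?id=17 HTTP/1.1" 200 1234',
    '203.0.113.9 - - [01/Jan/2000:10:00:05 +0530] "GET /alumni?id=1%27%3D%271 HTTP/1.1" 200 1234',
    '203.0.113.9 - - [01/Jan/2000:10:00:07 +0530] "GET /alumni?id=%27a%27%3D%27a HTTP/1.1" 200 1234',
]

LOG_PATTERN = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def suspicious_requests(lines):
    """Return (client, raw_id) for every request whose id parameter is not a
    plain integer. Integer parameters should never see anything else, so a
    non-integer value is a cheap, low-noise signal that someone is probing."""
    hits = []
    for line in lines:
        m = LOG_PATTERN.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        client, _method, target, _status = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        raw_id = query.get("id", [None])[0]
        if raw_id is not None and validate_id(raw_id) is None:
            hits.append((client, raw_id))
    return hits


if __name__ == "__main__":
    print(render_unsafe("<b>x</b>"))   # tag survives intact in the page
    print(render_safe("<b>x</b>"))     # rejected and escaped
    for client, raw_id in suspicious_requests(LOG_LINES):
        print(f"{client} sent non-integer id={raw_id!r}")
```

The point of `validate_id` is that rejecting anything but digits closes both the reflected-XSS and the SQLi angle of an integer parameter at once; `html.escape(..., quote=True)` is the fallback for the case where a bad value still has to be shown to the user, and the log scanner turns the same validation rule into a detection.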

About the disclosures.

I wrote a mail to indiaportal@gov.in, nationalschoolofdrama@gmail.com and info@cert-in.org.in. I also submitted it to thehackernews.com, xssed.com and null.co.in. However, I do not expect a reply any time soon.


by Adwiteeya Agrawal
