sdgniser / arc

NISER Archive
GNU Affero General Public License v3.0

SQL Injection Vulnerability #26

Closed Bikash-Bhatta closed 2 years ago

Bikash-Bhatta commented 2 years ago

While doing SQL injection through sqlmap I found out that the IP address 10.0.2.35 (which is the IP address of NISER SDG) is somewhat vulnerable to SQL injection, through which I am able to get to a sensitive site. [screenshot: 2022-09-18 (6)]

And this link led me to the NISER archive login page: [screenshot: 2022-09-18 (4)] This is really sensitive and can be exploited easily if it has default/weak password flaws.

I even just tried to reset somebody's password, but I don't know whether that mail exists or not. If it really exists and the mail has been sent, then I am really sorry. I was just checking. [screenshot: 2022-09-18 (3)]

Solution: Change the GET parameter to POST. Secure the website code, as it is vulnerable to SQL injection.

JeS24 commented 2 years ago

That last URL and a bunch of others are public and can be accessed without login. This is not a vulnerability, since you do not get access to the auth-table or the database.

Bikash-Bhatta commented 2 years ago

Yeah, I just recently checked on mobile and that option is showing. But on PC I had access to that login page, so I thought of it as a bug.

On Sun, Sep 18, 2022, 22:13 Jyotirmaya Shivottam wrote:

That last URL and a bunch of others (https://github.com/sdgniser/arc/blob/e1b0985d202ab9899b850e5103d7978896e25219/main/urls.py#L10) are public and can be accessed without login. This is not a vulnerability, since you do not get access to the auth-table or the database.


Bikash-Bhatta commented 2 years ago

This is not a vulnerability.