Election Commission of India website had XSS and SQL injection vulnerabilities.
The vulnerabilities were reported on 2nd of March to ECI and on 4th March to CERT-IN, for the following URL: http://search.eci.gov.in/maps/eci_se2007/detailResult.asp The above script is used to display detailed results of a given constituency. On 9th March 2007 Election Commission of India Fixed (disabled parts of) their website to avoid XSS and SQL injection vulnerabilities after intervention of CERT-IN. Still a bit of usually harmless data insertion is possible. -- Sincerely Ajay Pal Singh Atwal _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
