Tuesday, 15 April 2014

PC Jeweller is vulnerable to SQL injection

PC Jeweller started operations in April 2005 with one showroom at Karol Bagh, Delhi. It is a first generation business promoted by two brothers, Sh Padam Chand Gupta and Sh Balram Garg. The company, however, had a vision of expanding its presence in the retail segment.

The company's business model consists of opening large format, standalone stores at high street locations. Its stores stock a wide range of jewelry across all price points, with an increasing focus on diamond jewellery. The company sells only hallmarked jewelry and certified diamond jewelry. This assurance on quality & purity along with transparent & customer friendly policies has enabled PCJ to become an established and trusted brand name in a short time span.

It has accordingly been opening showrooms at regular intervals and today has a strength of 41 stores spread over 33 cities.

The most valued asset is our relationship with the clients, which has been built over years by giving certified quality, latest designs, transparency in dealings and best personalized customer service. Proactive and timely research and creation of world class jewelry and also guidance to its customers to enable them to take correct purchase decisions.

The company is confident that its trust on diamond and other high margin jewellery along with customer oriented marketing initiatives would continue to help grow its top line as well as the bottom line.

Mr. Padam Chand Gupta, Chairman of the Company, has over three decades of experience in jewelry.

Mr. Balram Garg, Managing Director of the Company can easily be called the goodwill ambassador of this group. A man of clear vision and strong decision, Mr. Garg's approach in business rests on his belief that nothing is impossible.


OK, further on testing I found a vulnerability of SQL injection in it.



Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
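
The mechanism described above, shown from the defender's side as an added example that is not part of the original post: the same search built by string concatenation and with a bound parameter. The table, its rows and the function names are constructed for illustration and do not reflect any site's real schema.

```python
import sqlite3

# Constructed sample data: an in-memory catalogue, not any real site's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, price INTEGER, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products (name, price, hidden) VALUES (?, ?, ?)",
        [("gold ring", 500, 0), ("diamond ring", 2000, 0), ("unreleased set", 9000, 1)],
    )
    return db

def search_concatenated(db, term):
    # Flawed pattern: the untrusted term becomes part of the SQL text,
    # so quote characters in it can change the structure of the query.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

# Identifiers such as column names cannot be bound as parameters,
# so they are checked against a fixed allow-list instead.
SORTABLE = {"name", "price"}

def search_parameterized(db, term, sort="name"):
    # Hardened pattern: the term is bound as data and never parsed as SQL.
    if sort not in SORTABLE:
        raise ValueError("unsupported sort column")
    sql = f"SELECT name FROM products WHERE hidden = 0 AND name LIKE ? ORDER BY {sort}"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR hidden = 1 --"  # constructed input that contains SQL syntax
    print(search_concatenated(db, "ring"))      # only the visible rings
    print(search_concatenated(db, hostile))     # filter bypassed: hidden row returned
    print(search_parameterized(db, hostile))    # treated as a literal pattern: no rows
    print(search_parameterized(db, "ring", sort="price"))
```
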

Regards:GD 4TT4CK3R



Monday, 14 April 2014

Andhra Pradesh Grameena Vikas Bank is vulnerable to SQL injection

APGVB Formation




 By amalgamation, on the 31st March 2006, of the following 5 banks, sponsored by SBI, to participate more energetically, with synergy, in the uplift and development of Rural Farm Sector and Rural Non-Farm Sector, with emphasis on the deprived, the Rural Poor, Rural ISB and Rural Crafts.

Further on testing I found a vulnerability in http://www.apgvbank.in


Hope they will patch the vulnerability as soon as possible.





Regards:GD 5TT5CK3R


Friday, 11 April 2014

Jammu University is Vulnerable to SQL Injection

OK guys, further on testing I found a vulnerability in Jammu University.

Regards: GD 4TT4CK3R

Thursday, 10 April 2014

Pakistan Geo Tv News is Vulnerable to XSS

Further on testing I found a vulnerability in Geo TV News of Pakistan

Affected URL:   http://geo.tv/SearchNews.aspx?URL=%3Cscript%3Ealert%28%27test%27%29;%3C/script%3E


Regards:GD 4TT4CK3R

IIPM College is Vulnerable to XSS

Founded in 1973, The Indian Institute of Planning and Management has grown to become one of the most respected business schools in South Asia. Its unique focus on national economic planning and highly researched management process control techniques has rewarded it with having the most exhaustive linkages with all facets of the corporate world. The Integrated and Full Time Programme in National Economic Planning and Entrepreneurship provided by IIPM (which are superior to standard MBA and BBA programs), along with IIPM's Fellowship, Executive Education (and Global Opportunities and Threats Analysis programs where students visit organizations like the United Nations (Geneva), World Bank, ILO, Nestle S.A. Vevey, IMD Lausanne, Credit Suisse etc.) have created some of the highest standards in the management field.

Further on testing I found a vulnerability

Regards: GD 4TT4CK3R

Wednesday, 9 April 2014

Nivia Sports is Vulnerable to XSS

NIVIA - India's leading Sports Brand, influential and intimately involved in shaping the sports in the country. As the originator of breakthrough technologies & innovative products, for decades NIVIA has produced legendary classics and earned nation-wide legitimacy in each sport that it has participated in. Backed by generations of sportsmen, NIVIA is the true INDIAN Iconic Sports Brand. NIVIA is India's leading manufacturer of sports equipment, footwear & accessories. Our core sports are Football, Volleyball, Basketball, Cricket, Tennis, Hockey, Badminton and Squash.
Established in 1934, NIVIA is headquartered in Jalandhar, India. NIVIA's employee force is more than 2000, and our dedicated sales network spreads to more than 1200 dealers across India.

NIVIA is a Freewill Sports Pvt Ltd Brand.

Further on testing I found XSS

Affected url:
http://www.niviasports.com/search.php?keywords=<script>alert('test')</script>

Regards: GD 4TT4CK3R

Tuesday, 8 April 2014

Sumpoorna Portfolio Limited is Vulnerable to SQL injection

Sumpoorna Portfolio Limited ("Sumpoorna Stock" / "The company") represents the equities arm of the Sumpoorna group. The company is a corporate member of both The National Stock Exchange of India Limited and The Bombay Stock Exchange, providing equity broking and research services, and catering to retail clients, domestic and foreign institutional investors. The company is focused on providing products, strategies and services to Corporates, HNIs, and retail clientele. We have a pan-India presence through our various channels, providing clients with the tools and services they need to maximize their investment performance and attracting new sources of capital.
Sumpoorna Stock spearheads the Capital Markets broking division of the Group, whose services range from offline & online trading in equity, commodities and currency derivatives to the debt market.

Regards by GD 4TT4CK3R