BSNL Hack: Employee accounts are publicly accessible!

  • Thread starter: Sushubh
  • Replies: 13
  • Views: 3,966

Sushubh

Indian Govt. company Hacked! - Pastebin.com

Found a big vulnerability in Bharat Sanchar Nigam Ltd (BSNL) Network. BSNL is India’s largest, oldest & the only telecom company in the Government sector. For hacking into the system of BSNL you don't need to be a Hacker or a computer geek, just copy-paste the URL & you will be logged in as an Employee of BSNL. And the interesting part is everybody will get a chance to sneak into the system (meaning no matter if you change the password, if another person copy-pastes the same URL he too will be directed to the account settings) till they fix the vulnerability. This shows how lame/corrupt the Indian Government companies are when it comes to security even after eating Billions of Rupees of the common people.
Although the intention is to expose them, not harm them (Financially). It’s a war against corruption that we are fighting. Posting 'only' 'some' of the Helpdesk employee login URLs, even though the site is highly vulnerable to just a simple SQL Injection attack. With this, giving you the personal email IDs of the topmost heads of the company.

By
ThEhACkER12

@ThEhACkER12
ThEhACkER12.blogspot.com

Enjoy the Mayhem!
 
How big of a task is it to track this guy?
 
Looks like it was not a fake! Just checked by clicking the links, looks like they are active URLs. Hmmm, not sure if it would have any impact on public users.
 
Works!
I feel even more urged to shift to Hayai now...

----------

Logoff Admin?!
 
no, unfortunately.. but you can change the passwords and it does not ask for verification
 


----comment deleted by government-----
good one.

----------

I think this only affects those who are on dotsoft.
However it's still a risk for all the concerned people...
 
Let's be reasonable and think, we are talking about BSNL and not some pvt. company. U can't expect more from that.
 
WoW...!! Just by a SQL execution....!!... BSNL doesn't have anything for cyber security....!! WTF...!!
 
Well, just to be careful you guys might want to use a proxy before accessing the site. If this does blow out, BSNL will hunt you down, and getting a home address from an IP address takes less than an hour :x. I remember back in my heyday I got access to an admin account in nic.in. The password was simply admin123 xD. I could log in, read all the mails that were coming in and so on. I always used a proxy site to visit that site tho.
 
Thousands of people accessed it. They're not going to hunt down 1000's of people for something they found in Google.
 
