Extension Factory Builder

Monday, December 26, 2011

Want To Hack BSNL Website


Yes, we shall hack the BSNL website easily, easy enough for a nursery kid. We shall be using Google Hacking and SQL Injection techniques.


So let's begin.


Search this in Google:


inurl:bsnl.co.in/admin


In the search results, go to the second page. You will see plenty of links of the type:


www.billchn.bsnl.co.in/admin/ 


Open that link and you will see lots of source code files.


Many of the links on this page show good information, like:


Payment information – http://www.billchn.bsnl.co.in/admin/consol.jsp 
Transaction information – http://www.billchn.bsnl.co.in/admin/consolidatedreport.jsp 
Registered user page – http://www.billchn.bsnl.co.in/admin/registereduser.jsp 


Even an administration page is available without login:
http://billchn.bsnl.co.in/modifypassword.jsp 
and here:


http://www.billchn.bsnl.co.in/selectmodifyoption.jsp 


Check out what can be hacked from there.


So you hacked into BSNL servers and found some information that should be password protected. If you are a creative hacker, then try getting into the system with a proper login.


This is the login page:
http://www.billchn.bsnl.co.in/adminlogin.html 


Another Google hack term:


site:bsnl.co.in inurl:admin


Search the above and you might get some more interesting links, like:


http://www.str.bsnl.co.in:8009/y_circulars_list_v.asp?showmaster=1&categary=Admin 
http://training.bsnl.co.in/reports_module/nominations_status.asp?selected_month=5&selected_year=2005&selected_c_institute_cd=TINST_26&selected_faculty=admin 
http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=&selected_faculty=admin


http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=TINST_17&selected_faculty=DE+ADMIN


http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=&selected_faculty=DE+ADMIN


http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=TINST_5&selected_faculty=admin


http://training.bsnl.co.in/reports_module/nominations_status.asp?selected_month=11&selected_year=2001&selected_c_institute_cd=&selected_faculty=ALL 
The above links appear to be pages that should have been password protected, but they are publicly visible.
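
For the site owner, the same exposure shows up in the web server's access log. The following is an added example, not part of the original post: it flags successful requests to admin paths that carried no authenticated user and notes when the visitor arrived from a search engine. The log lines and host names are constructed, and it assumes Combined Log Format with the authenticated user in the third field.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Assumption: paths that must never be served without a login (adjust per site).
PROTECTED_PREFIXES = ("/admin/",)
PROTECTED_PAGES = {"/modifypassword.jsp", "/selectmodifyoption.jsp"}
SEARCH_HOSTS = ("google.com", "google.co.in", "bing.com", "duckduckgo.com")

# Constructed sample log lines (documentation IP ranges, example.com host).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Dec/2011:10:01:02 +0530] "GET /admin/ HTTP/1.1" 200 5120 "https://www.google.com/search?q=example" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Dec/2011:10:01:09 +0530] "GET /admin/registereduser.jsp HTTP/1.1" 200 20480 "http://www.example.com/admin/" "Mozilla/5.0"',
    '192.0.2.15 - opsadmin [26/Dec/2011:10:02:00 +0530] "GET /admin/consol.jsp HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Dec/2011:10:03:00 +0530] "GET /modifypassword.jsp HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Dec/2011:10:03:30 +0530] "GET /admin/consol.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Dec/2011:10:04:00 +0530] "GET /index.html HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

def find_exposed(lines):
    """Return {path: {"hits": n, "from_search": bool}} for protected paths
    that were served with a 2xx status to a request with no logged user."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        path = urlsplit(m["target"]).path.lower()
        protected = path.startswith(PROTECTED_PREFIXES) or path in PROTECTED_PAGES
        if not protected or m["user"] != "-" or not m["status"].startswith("2"):
            continue  # authenticated, redirected to login, or not an admin path
        ref_host = urlsplit(m["referer"]).hostname or ""
        entry = findings.setdefault(path, {"hits": 0, "from_search": False})
        entry["hits"] += 1
        if any(ref_host == h or ref_host.endswith("." + h) for h in SEARCH_HOSTS):
            entry["from_search"] = True  # the page is indexed and being found
    return findings

if __name__ == "__main__":
    for path, info in sorted(find_exposed(SAMPLE_LOG).items()):
        print(path, info)
```

Any path this reports needs an authentication check on the server side, and a hit with `from_search` set means the page is already in a search index.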
