Sify.com vulnerable to SQL Injection

Indian Ethical Hackers found a SQL injection flaw at Sify( sify.com). SQLi Vulnerability still exist in the site.

Ethical Hackers from India found a SQL Injection vulnerability at the high profile website sify.com. According to Ethical Hackers, they reported bug to site administration but they didnot respond to the vulnerability.

Website:

http://www.sify.com

Vulnerable link:

http://www.sify.com/imagegallery/gallery/img_view_sentcard.php?card_number=ss 

Vulnerability Type: 

SQL Injection

Status: 

Not Fixed [Critical]

About Sify:

Sify is an Internet service provider in India. Seventy five per cent of the 1.6 million visitors in 2008 to the web site sify.com hail from India. It was rated as one of “The ten top technology companies world-wide recommended for investment” by Fortune in 1999.

Sify was one of the first private sector player to offer internet access, when internet access was opened to private sector (until then the state run VSNL had a monopoly in providing internet access). It leased international bandwidth from global vendors, domestic connectivity from telecom players and set up last mile connectivity by multiple methods: wi-fi connections using roof top antennae, copper connections using phone lines or cable TV connections. Sify also started providing internet network connectivity for business enterprises in India. Sify set up a chain of franchised internet cafes (today a network of over 3,300+ cybercafes).

email