Tuesday, April 15, 2014

PC Jeweller is vulnerable to SQL injection

PC Jeweller started operations in April 2005 with one showroom at Karol Bagh, Delhi. It is a first generation business promoted by two brothers, Sh Padam Chand Gupta and Sh Balram Garg. The company, however, had a vision of expanding its presence in the retail segment.

The company's business model consists of opening large format, standalone stores at high street locations. Its stores stock a wide range of jewelry across all price points, with an increasing focus on diamond jewellery. The company sells only hallmarked jewelry and certified diamond jewelry. This assurance on quality & purity along with transparent & customer friendly policies has enabled PCJ to become an established and trusted brand name in a short time span.

It has accordingly been opening showrooms at regular intervals and today has a strength of 41 stores spread over 33 cities.

The most valued asset is our relationship with the clients, which has been built over years by giving certified quality, latest designs, transparency in dealings and best personalized customer service. Proactive and timely research and creation of world class jewelry and also guidance to its customers to enable them to take correct purchase decisions.

The company is confident that its trust on diamond and other high margin jewellery along with customer oriented marketing initiatives would continue to help grow its top line as well as the bottom line.

Mr. Padam Chand Gupta, Chairman of the Company, has over three decades of experience in jewelry.

Mr. Balram Garg, Managing Director of the Company can easily be called the goodwill ambassador of this group. A man of clear vision and strong decision, Mr. Garg's approach in business rests on his belief that nothing is impossible.

Ok, further on testing I found a vulnerability of SQL injection in it.

Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
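
The definition above, shown as an added example that is not part of the original post: the same search written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, column names, rows and inputs are all constructed for illustration and do not describe any real site.

```python
import sqlite3


def make_db():
    # Constructed sample data; the schema is an assumption made for this example.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)"
    )
    db.executemany(
        "INSERT INTO products (name, hidden) VALUES (?, ?)",
        [
            ("gold ring", 0),
            ("O'Brien bangle", 0),
            ("internal price list", 1),  # must never reach a visitor
        ],
    )
    return db


def search_vulnerable(db, term):
    # Untrusted data is pasted into the query text, so the SQL interpreter
    # parses it as part of the command instead of as a value.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, term):
    # The query text is fixed; the untrusted value is bound separately and
    # can only ever be compared as data.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR 1=1 --"  # constructed input containing SQL syntax
    print("concatenated :", search_vulnerable(db, hostile))
    print("parameterized:", search_parameterized(db, hostile))
    print("apostrophe   :", search_parameterized(db, "O'Brien"))
```

A plain apostrophe in a legitimate search term breaks the concatenated query with a syntax error, which is often the first visible symptom of this flaw in application logs.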

Monday, April 14, 2014

Andhra Pradesh Grameena Vikas Bank is vulnerable to SQL injection

APGVB Formation

 By amalgamation, on the 31st March 2006, of the following 5 banks, sponsored by SBI, to participate more energetically, with synergy, in the uplift and development of Rural Farm Sector and Rural Non-Farm Sector, with emphasis on the deprived, the Rural Poor, Rural ISB and Rural Crafts.

Further on testing I found a vulnerability in http://www.apgvbank.in

Hope they will patch the vulnerability as soon as possible.

Regards: Anshuman Kak

Thursday, April 10, 2014

Pakistan Geo Tv News is Vulnerable to XSS

Further on testing I found a vulnerability in Geo TV News of Pakistan

Affected URL: http://geo.tv/SearchNews.aspx?URL=%3Cscript%3Ealert%28%27test%27%29;%3C/script%3E

Regards: Anshuman Kak

IIPM College is Vulnerable to XSS

Founded in 1973, The Indian Institute of Planning and Management has grown to become one of the most respected business schools in South Asia. Its unique focus on national economic planning and highly researched management process control techniques has rewarded it with having the most exhaustive linkages with all facets of the corporate world. The Integrated and Full Time Programme in National Economic Planning and Entrepreneurship provided by IIPM (which are superior to standard MBA and BBA programs), along with IIPM's Fellowship, Executive Education (and Global Opportunities and Threats Analysis programs where students visit organizations like the United Nations (Geneva), World Bank, ILO, Nestle S.A. Vevey, IMD Lausanne, Credit Suisse etc.) have created some of the highest standards in the management field.

Further on testing I found a vulnerability

Regards: Anshuman Kak