From SQL Injection to Weak Passwords: A Deep Dive into a Tamil Nadu Government Security Flaw
Summary
The author used SQL injection on a Tamil Nadu government website and, with SQLmap, a security testing tool, determined that it was a time-based flaw.
They were able to view user data due to a lack of validation or sanitisation of user input.
The vulnerability allowed them to access the database and log in as an application superadmin with full control.
The database contained Personally Identifiable Information on employees, presence and absence records and the services provided, highlighting the vulnerability of the system.
The ethical hacker responsibly reported the flaw to CERT-In for remediation.
The post emphasizes the need for secure coding practices and the enforcement of strong passwords.
Any malicious usage of such commands is punishable by law.
The text encourages prioritising digital safety to prevent attacks and authentication bypasses.
The post closes with a call to connect on LinkedIn for networking purposes.
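An added example, not code from the original post or the affected site: the secure-coding and strong-password points above, shown as a string-built query beside its parameterised form plus a password check at account creation. The table, row data, function names, common-password list and policy thresholds are all constructed assumptions.

```python
import sqlite3

COMMON_PASSWORDS = {"password", "admin123", "123456", "welcome1"}  # constructed sample list

def make_db():
    """In-memory table with constructed rows standing in for employee records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [(1, "asha", "revenue"), (2, "kumar", "health"), (3, "meena", "transport")])
    return conn

def lookup_unsafe(conn, name):
    # Vulnerable pattern: user input is pasted into the SQL text, so quotes in
    # the input change the query's structure. Time-based blind injection
    # relies on this same flaw; only the way results are inferred differs.
    sql = "SELECT id, name FROM employees WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Hardened pattern: validate shape, then bind the value with a placeholder
    # so it is always treated as data and never parsed as SQL.
    if not isinstance(name, str) or len(name) > 64:
        raise ValueError("invalid name")
    return conn.execute("SELECT id, name FROM employees WHERE name = ?", (name,)).fetchall()

def password_ok(password, username):
    """Reject short, common, or username-derived passwords at creation time."""
    lowered = password.lower()
    if len(password) < 12 or lowered in COMMON_PASSWORDS:
        return False
    if username.lower() in lowered:
        return False
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    return sum(classes) >= 3  # assumed policy: at least three character classes

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook input, constructed for this demo
    print("unsafe:", lookup_unsafe(db, crafted))
    print("safe:  ", lookup_safe(db, crafted))
    print(password_ok("admin123", "superadmin"), password_ok("Quiet-River-Lamp-42", "superadmin"))
```

The string-built lookup returns every row for the crafted input, while the parameterised lookup returns none because no employee has that literal name.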