<Thread> @BSNLCorporate is an Indian state-owned telecommunications company. Security is not really their thing... Here is the summary of the issues I found
1) There was a SQL injection in their intranet website. It allows the attacker to dump the whole database of the BSNL intranet. It contains the information of 47K+ BSNL employees, senior officers' information, BSNL administrators' information, retired employee details and more. pic.twitter.com/HTEwtC63wp
I found this issue a few days ago, but I'm not the first one to discover this issue. This issue had been discovered by a fellow Indian, @kmskrishna, 2 years ago. He sent mails to BSNL, even called senior officers, but nobody answered him... pic.twitter.com/iN5mPr1EKs
2) http://intranetuk.bsnl.co.in had been attacked by ransomware. They didn’t even notice… pic.twitter.com/3AfP0OZzdG
3) http://intranethr.bsnl.co.in had been attacked by ransomware. They didn’t even notice… pic.twitter.com/vNY2ADeaPi
4) A bandwidth monitoring system was publicly accessible. pic.twitter.com/LVSHJTNwZE
Their websites had a lot of open directories which allowed everybody to consult their documents:
- http://intranethr.bsnl.co.in/new_2016/digital_lib …
- http://intranetuk.bsnl.co.in/webdocument
- http://calcutta.bsnl.co.in/BB
- http://rttckalyani.bsnl.co.in/highslide
pic.twitter.com/xjzWkt2lt1
New conversation -
That's an achievement. To make Govt employees work over the weekend like Pvt IT guys do
"All the issues below have been disclosed to them privately and fixed during the weekend" I find that quite impressive, don't you? That too, when weekends are holidays.