Vulnerable USA Colleges
Using the Google dorks listed below, I found 59 vulnerable
colleges. I notified them all on 12-3-13.
15 colleges fixed some or all of the vulns;
the others did nothing.
There is a lot of raw exposed SQL on the list,
which is so insane it's not even on the OWASP
Top Ten. You don't have to inject code; the
code is just plainly visible in the URL.
Another spectacular vulnerability is 26: Montserrat
College of Art, with a password exposed:
LINK -- PASSWORD
Here's an image of the injection, in case they ever fix it:
I notified them several times, and even got answers
from someone there, but nothing was fixed.
Someone found that password hash in March, but no one
seems to have cracked it yet:
Google search for hash
Summary of Colleges
SQLi Dorks Used
List of dorks: Here
Thanks to @0xAli for a helpful dork suggestion.
Googling for:
site:edu inurl:"union" inurl:"select" filetype:php
site:edu inurl:"union" inurl:"select" filetype:asp
site:edu inurl:"union" inurl:"select" filetype:aspx
site:edu inurl:"select" inurl:"from" filetype:aspx
site:edu inurl:"select" inurl:"from" filetype:asp
site:edu inurl:"select" inurl:"from" filetype:php
inurl:article.asp?ID inurl:edu
inurl:article.aspx?ID inurl:edu
inurl:".php?id=" inurl:edu
inurl:".php?q=" inurl:edu
inurl:".asp?item=" inurl:edu
inurl:".aspx?item=" inurl:edu
inurl:".php?item=" inurl:edu
inurl:".php?num=" inurl:edu
inurl:".php?i=" inurl:edu
inurl:".php?studentid=" inurl:edu
inurl:".asp?studentid=" inurl:edu
inurl:".aspx?studentid=" inurl:edu
inurl:".aspx?facultyid=" inurl:edu
inurl:".asp?facultyid=" inurl:edu
inurl:".php?facultyid=" inurl:edu
inurl:".php?staffid=" inurl:edu
inurl:".asp?staffid=" inurl:edu
inurl:".aspx?staffid=" inurl:edu
inurl:".php?patientid=" inurl:edu
inurl:".php?classid=" inurl:edu
inurl:".asp?classid=" inurl:edu
inurl:".aspx?classid=" inurl:edu
inurl:".aspx?teacherid=" inurl:edu
inurl:".asp?teacherid=" inurl:edu
inurl:".php?teacherid=" inurl:edu
inurl:".php?pupilid=" inurl:edu
inurl:".php?sectionid=" inurl:edu
inurl:".asp?sectionid=" inurl:edu
inurl:edu "inurl:aspx?sectionid"
Vulnerable URLs
Many of these involve real live SQL injections,
adding code to the page, or revealing data
from the databases. I would not dare to experiment
with such URLs myself, since creating them would
be clearly illegal. However, I didn't create them--I
found them this way on Google.
I don't know exactly how Google finds pages like these;
perhaps they are posted in forums, or log files.
1. Alcorn State U
LINK SSL error with SQLi behind it
news@alcorn.edu chinton@alcorn.edu security@alcorn.edu
2. Atlantic Cape Community College
LINK
LINK
-- Injected Canadian Pharmacy stuff
strecken@atlantic.edu helpdesk@atlantic.edu security@atlantic.edu onlinehelp@atlantic.edu
3. Black Hills State U
LINK
Alumni@BHSU.edu admissions@bhsu.edu Cynthia.Rayso@bhsu.edu
4. Boston U
LINK FIXED, now just "Runtime Error"
security@bu.edu president@bu.edu provost@bu.edu pr@bu.edu
5. Brigham Young
LINK
vernon_heperi@byu.edu security@byu.edu deanofstudents@byu.edu academic_support@byu.edu police@byu.edu
6. Bucks County Community College
LINK -- FIXED 12-4
LINK -- FIXED 12-4
Produces strange huge page, not sure why
stephanie.shanblatt@bucks.edu andrew.lawlor@bucks.edu burakd@bucks.edu
7. California College of the Arts
LINK --
Raw exposed SQL
sbeal@cca.edu info@cca.edu security@cca.edu
8. Cleveland State U
LINK --
Raw exposed SQL
LINK
s.c.connor@csuohio.edu m.artbauer@csuohio.edu security@csuohio.edu
9. Colgate U
LINK
websupport@colgate.edu dmbarnes@colgate.edu security@colgate.edu
11. Eden Theological Seminary
LINK
dkrause@eden.edu dgreenhaw@eden.edu techsupport@eden.edu
12. Emory U
LINK
registr@emory.edu cscsc@emory.edu security@emory.edu news@emory.edu
13. Florida State U
LINK -- Raw exposed SQL
ealgoe@fsu.edu ebarron@fsu.edu emundt@admin.fsu.edu
14. Gordon State College
LINK -- RAW SQL
steve.wrigley@usg.edu Jim.James@usg.edu burns.newsome@usg.edu security@usg.edu
15. Harrisburg U
LINK -- RAW SQL
businessoffice@gordonstate.edu registrar@gordonstate.edu webmaster@gordonstate.edu mburns@gordonstate.edu
16. Harvard
LINK
LINK
LINK
president@harvard.edu
abuse@harvard.edu
security@harvard.edu
ranna_farzan@harvard.edu scott_fields@harvard.edu
17. Indiana State U
LINK
-- FIXED 12-4
president@indstate.edu karl.burgher@indstate.edu security@indstate.edu
18. Kalamazoo Valley Community College
LINK --
Raw exposed SQL - FIXED
safety@kvcc.edu it@kvcc.edu security@kvcc.edu
19. Kirkwood Community College
LINK -- Exposed SQL
it@kvcc.edu ask@kirkwood.edu melissa.jensen@kirkwood.edu
Page has been deleted! 8:12 pm 12-3-13
20. Lanier Technical College
LINK
rperren@laniertech.edu kminor@laniertech.edu
21. Louisiana State U
LINK
webmaster@lsu.edu alexander@lsu.edu security@lsu.edu
22. Loyola U of New Orleans
LINK -- Exposed SQL
helpdesk@loyno.edu admit@loyno.edu pres@loyno.edu security@loyno.edu
23. McKendree U
LINK
inquiry@mckendree.edu jdennis@mckendree.edu security@mckendree.edu
24. Mississippi State U
LINK
president@msstate.edu Nick.Wilson@msstate.edu security@msstate.edu
25. Montclair State U
LINK -- exposed SQL
servicedesk@mail.montclair.edu helpdesk@mail.montclair.edu msupolice@mail.montclair.edu askpresident@mail.montclair.edu security@mail.montclair.edu
26. Montserrat
LINK -- RAW SQL
LINK
LINK -- PASSWORD
Password exposed!
jbroderick@montserrat.edu registrar@montserrat.edu webmaster@montserrat.edu
27. North Central College
LINK Raw SQL -- FIXED
president@noctrl.edu webmaster@noctrl.edu security@noctrl.edu
28. Northern Illinois U
LINK
-- Raw SQL
UnivInfo@niu.edu webcommunications@niu.edu security@niu.edu
29. Northwestern U
LINK --
Raw exposed SQL
webmaster@northwestern.edu nu-president@northwestern.edu security@northwestern.edu
30. Notre Dame
LINK Syntax error
LINK
LINK
security@nd.edu engineer@nd.edu provost@nd.edu president@nd.edu
31. Ohio State U
LINK
webmaster@lima.ohio-state.edu rose.9@osu.edu security@osu.edu
32. Oregon State U
LINK -- Exposed SQL
elizabeth.grubb@oregonstate.edu steve.clark@oregonstate.edu annie.athon@oregonstate.edu
33. Pulaski Tech
LINK
lparker@pulaskitech.edu tcarrigan@pulaskitech.edu security@pulaskitech.edu
34. Rochester Institute of Technology
LINK -- Exposed SQL -- FIXED
jhwbgt@rit.edu jahpro@rit.edu refuns@rit.edu hfwast@rit.edu
35. Scripps
LINK -- Exposed SQL
webmaster@scripps.edu abruner@scripps.edu security@scripps.edu
37. St Gregory's U
LINK
info@stgregorys.edu admissions@stgregorys.edu security@stgregorys.edu
38. Stevens Institute of Technology
LINK -- RAW SQL
hoberle@stevens.edu president@stevens.edu diana.colombo@stevens.edu security@stevens.edu
39. Technical College System of Georgia
LINK
-- RAW SQL
LINK
bcockfield@tcsg.edu hbates@tcsg.edu gmathis@tcsg.edu
40. Texas A & M U
LINK --
Exposed raw SQL, downloads an XML file
helpdesk@tamu.edu submit@tamu.edu webmaster@tamu.edu
41. U of Alabama
LINK -- FIXED 12-4
president@ua.edu itsd@ua.edu security@ua.edu
42. U of Alaska
LINK --
Raw exposed SQL
nkspink@alaska.edu sylegal@alaska.edu ua.president@alaska.edu
43. U of Arkansas at Little Rock
LINK FIXED
webmaster@asbtdc.ualr.edu itservices-help@ualr.edu kmoliverio@ualr.edu chancellor@ualr.edu security@ualr.edu
44. U of Chicago
LINK --
Raw exposed SQL
LINK -- FIXED
infocenter@uchicago.edu security@uchicago.edu itservices@uchicago.edu i-gould@uchicago.edu
45. U of Connecticut
LINK
president@uconn.edu generalcounsel@uconn.edu david.bauman@uconn.edu
46. U of Georgia
LINK --
Very scary, it invites me to DELETE tables -- FIXED 12-4
LINK
Raw exposed SQL
jbeckley@uga.edu security@uga.edu
abuse@uga.edu
sebailey@uga.edu
uc@uga.edu
47. U of Hawaii
LINK --
Raw exposed SQL
david.lassner@hawaii.edu donnaige@hawaii.edu nlja@hawaii.edu cbaitm@hawaii.edu
48. U of Illinois at Urbana-Champaign
LINK
InfoSource@uillinois.edu hardyt@uillinois.edu security@uillinois.edu
49. U of Maryland
LINK --
Raw exposed SQL
LINK --
Raw exposed SQL
jack@umbc.edu security@umbc.edu hrabowski@umbc.edu sparklin@umbc.edu
50. U of Maryland, Baltimore County
LINK --
Raw exposed SQL -- SERVER DOWN 12-9-13
hrabowski@umbc.edu mcdermot@umbc.edu gleason@umbc.edu security@umbc.edu
51. U of North Alabama
LINK
web@una.edu jrbritten@una.edu security@una.edu
52. U of North Carolina at Chapel Hill
LINK --
That injects a link to a Russian page via SQLi
uncinfo@unc.edu karen_moon@unc.edu chancellor@unc.edu security@unc.edu
53. U of South Carolina
LINK
schlenk@mailbox.sc.edu pastides@sc.edu security@sc.edu
54. U of Virginia
LINK
webmaster@virginia.edu md6e@virginia.edu nan9k@virginia.edu
55. U of Washington
LINK
pres@u.washington.edu provost@u.washington.edu security@u.washington.edu
56. UC Davis
LINK --
Raw exposed SQL
ietweb@ucdavis.edu chancellor@ucdavis.edu security@ucdavis.edu
57. UCLA
LINK -- RAW SQL
media@support.ucla.edu phampton@support.ucla.edu dtate@mednet.ucla.edu wyer@gseis.ucla.edu
59. Vanderbilt U
LINK
chancellor@vanderbilt.edu security@vanderbilt.edu
60. Virginia Tech
LINK --
Raw exposed SQL
LINK
LINK
security@vt.edu lperkins@vt.edu enelson@vt.edu gscales@vt.edu
61. Wabash College
LINK --
Raw exposed SQL
webmaster@wabash.edu computing@wabash.edu president@wabash.edu security@wabash.edu
62. Washington State U
LINK -- Raw SQL
LINK --
Raw exposed SQL
ccraver@co.whatcom.wa.us teward@cob.org PresidentsOffice@wsu.edu
63. Washington U in St. Louis
LINK
admissions@wustl.edu registrar@wustl.edu webteam@wustl.edu
Colleges notified on 12-3-13
Page published 12-22-13 by Sam Bowne
Background color changed 4-26-24