Showing posts from December, 2020

⚠️Thousands Of Sri Lankan Bank Accounts On Threat Due To Unsafe Online Learning Websites

⛑️ Recently one of my friends told me that his mom's credit card had been used without authorization by someone over the internet. At that time I started searching for the reason. 🧰 I analysed vulnerabilities on Sri Lankan online learning websites and commercial websites. Then I found a security hole called clickjacking. 80% of Sri Lankan websites have this vulnerability. 🔧 Clickjacking is an attack that tricks a web user into clicking a button, a link or a picture, etc. that the web user didn't intend to click, typically by overlaying the web page with an iframe. This malicious technique can potentially expose confidential information or, less commonly, take control of the user's computer. For example, on Facebook, a clickjack can lead to an unauthorized user spamming your entire network of friends from your account 💊. 💉 You can see below some clickjacking-vulnerable websites in Sri Lanka: Nozero.lk, Sipwinonline.lk, Daraz.lk, Myschool.lk. 💻 These 4 websites are vulnerable to clickjacking. hacker...

Hacking Sri Lankan Main Websites Using DoS & DDoS Attacks 💉

☢️ Recently I examined the security levels of popular Sri Lankan websites such as government/media/commercial etc. 💉 And I found many vulnerabilities in many websites. Most of the websites are vulnerable to DoS & DDoS attacks/clickjacking/SQL injection/advanced cross-site scripting attacks etc. ⛑️ 🏴‍☠️ I tried DoS & DDoS attacks for seconds by using bot machines. 1. www.rupavahini.lk 💊 I recently launched a DDoS attack on the Rupavahini website for a while and at this time the site displayed an error page. Therefore we can understand this site is vulnerable to HTTP flooding ⚠️. 2. Sirasatv.lk 💉 You can see the output of sirasatv.lk after the DoS attack. This site has more than 20 vulnerabilities. This is a WordPress site; I found the credentials of this site also. Username is samanweb. You can also attack this site using small DoS tools like GoldenEye/Hammer/LOIC etc 🖥️. 3. trc.gov.lk 💊 Here also you can see an error message with the MySQL database. Most Sri Lankan government websites obtain services from SLT (...