In.com is an online venture from Web18, a Network 18 group company and one of India’s online networks, based in Mumbai. It has been available for access since August 2008. In.com has a meta-aggregator, a crawler, which performs a dynamic and continuous mapping of the internet, from which the most searched-for and relevant sites are showcased for the user. This ranges from reading news, blogs, feeds and information to watching videos, from listening to music to playing games, and from mailing to searching for news, videos, music, games, products, holidays, marriage partners, city search, and downloads of software, wallpaper and ringtones.
In.com also offers a mail service, which is compatible with and comparable to leading email service providers. The email addresses provided by this service are prefixed by in.com, known to be the smallest email address available on the net.
One of our team members has detected an active shell, uploaded by a malicious attacker a long way back to the IN.COM web server, which is still active/accessible and may be used to get complete access to various database contents and files, and may even result in complete defacement. The company is currently hosting various popular sub-domains like Tech2, Biztech2, Mobile18, SMS18 and many more (a few sub-domains are even visible in the second screenshot below). Using the said shell, web server files/databases associated with these sub-domains can be directly accessed. The company is yet to remove the said shell from their web server.
Proof Of Concept
No data has been dumped, nor have any files been modified/downloaded; the shell has been accessed for taking a few screenshots (which are shown above) so that we can make the company believe that the aforesaid shell actually exists on their web server.
Our previous communication with the company might have been ignored, as a result of which this shell is still active on their web server. We hope that after this public disclosure the company will take immediate steps to remove the said shell; otherwise, keeping this shell on their web server may prove very harmful for the company.