Administrative login@China government sites

Post date: Dec 30, 2011 7:19:09 PM

I just heard about there are around 4M user records exposed in a government unit in GZ.

http://www.sc168.com.cn/.%5Cshenghuozixun%5C201112300084.htm

At the same time, I simply input a very simple query in Google:

site:gov.cn intitle:后台

I could get dump of China government web sites with their CMS (Content Management System) administrative login page. Be frank, why don't they try to put it to another server? using a secure channel to access them? In addition, some are suffering with SQL injection vulnerability for those .asp pages.

I could say, "同志們, Good Luck".不過, 香港同澳門你都唔好咁老定:)