(by Anupam Saxena and Nikhil Pahwa) Update: Sulekha CEO Satya Prabhakar has sent us the following statement- "“Sulekha has recently introduced a feature in one of our services where our local business customers can upload photos for promoting their businesses. The utility that we used for allowing this self uploads mistakenly permitted the uploading of HTML files. This loophole was exploited briefly to put up a HTML page on one service homepage of Sulekha. This was promptly diagnosed and rectified. Our investigation has revealed that no user or customer data was compromised and the breach was isolated to one part of our site only. We are undertaking a thorough investigation and strengthening our protocols to prevent this from happening again." Earlier: In the last couple of months, there appears to be an increase in the hacking of Indian websites: TheHackerNews reported yesterday that Sulekha.com had been hacked and defaced by an Indian hacker Mr52. Two pages that TheHackerNews points towards - this and this - are now returning a server error. Over the last couple of months, zSecure, IT security research group, has claimed to have detected vulnerabilities in at least three Indian websites: Sify.com (screenshots), TimesOfMoney (screenshots) and brokerage house Sharekhan.com (screenshots), using an SQL injection technique. According to zSecure, a critical SQL Injection vulnerability in the website could allow an attacker to gain access to the site's entire database which contains confidential customer information. In Sify's case, it has published information of e-commerce transactions and masked passwords; in case of…
