Surat Diamond Blind SQL Injection

01 Feb 2009 00:00:00 · Reported by Arvind Kumar · Type: packetstorm · Source: packetstormsecurity.com

Blind SQL injection found at http://www.suratdiamond.com/prod_criteria.aspx. Security risk: possible to view, modify or delete database entries and tables. Tables found on the database include admin, brochureimage, Carat, Cart_Master, Category_Master, Clarity, color_master, country, Courier_Master, Creditcard_Master, current_content, customerorder_shippingaddress, Customers, customorderdetails, CustomOrders, Cuts, denomination_master, designengagementimage, details, dtproperties, Extra_Category, Extracat_Images, FAQ, FaqCategory, feedback, feedbackN, Final_Orde

Code
`Blind sql injection found at  
  
URL: http://www.suratdiamond.com/prod_criteria.aspx  
Entity: matid  
Security Risk: It is possible to view, modify or delete database entries and tables  
  
Below are the tables found on the database  
  
admin  
uid user_name user_pass  
1 admin (removed)  
  
brochureimage  
Carat  
Cart_Master  
Category_Master  
Clarity  
color_master  
country  
Courier_Master  
Creditcard_Master  
current_content  
customerorder_shippingaddress  
Customers  
customorderdetails  
CustomOrders  
Cuts  
denomination_master  
designengagementimage  
details  
dtproperties  
Extra_Category  
Extracat_Images  
FAQ  
FaqCategory  
feedback  
feedbackN  
Final_Order  
`
