Surat Diamond Blind SQL Injection

2009-02-01T00:00:00
ID PACKETSTORM:74525
Type packetstorm
Reporter Arvind Kumar
Modified 2009-02-01T00:00:00

Description

                                        
Blind SQL injection found at

URL: http://www.suratdiamond.com/prod_criteria.aspx
Entity: matid
Security Risk: It is possible to view, modify or delete database entries and tables

Below are the tables found on the database:

admin
    uid  user_name  user_pass
    1    admin      (removed)

brochureimage
Carat
Cart_Master
Category_Master
Clarity
color_master
country
Courier_Master
Creditcard_Master
current_content
customerorder_shippingaddress
Customers
customorderdetails
CustomOrders
Cuts
denomination_master
designengagementimage
details
dtproperties
Extra_Category
Extracat_Images
FAQ
FaqCategory
feedback
feedbackN
Final_Order