Tuesday, June 12, 2012

Critical SQL Vulnerability in channel [V] Website


A 16-year-old white hat hacker from India, "Arjun Siyag", discovered a critical SQL injection (SQLi) vulnerability in the channel [V] website (http://www.channelv.in). Proof of the hack is shown in the image above. The hacker disclosed only the admin username and password, which will not affect the admin panel directly, because an email ID is required to log in.
SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today. Through SQL Injection, the hacker may input specially crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it.

This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and are sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly with the database.
