Thursday, 10 December 2009

Party Popper [www.partypopper.com.np] SQLi vulnerability

The site of Party Popper [www.partypopper.com.np] is vulnerable to SQL injection, and various information can be stolen. The SQL filtering IDS is working to some extent, but we can easily bypass such filters, and I was able to do the same.
Anyway, this site has nothing much on it, but we still think that such security flaws must be addressed so that Nepali developers work on protecting against such vulnerabilities.
Some tables:
admin
content

Screenshot of the logged-in admin panel:


Thanks. Admins can find the article by me at my site http://www.sampctricks.blogspot.com
