Most of us know about Ekantipur.com, the online news portal of the Kantipur daily newspaper. They recently came out with a new design and development, and I was hoping to see a securely coded website, but I was still able to find some holes in the website. There is a SQL injection vulnerability in the site of Kantipur daily which can be used to potentially dump the DB, and then the admin panel can be compromised and possibly we can get a shell on the site.
I hope they will fix it soon, and if they want information about the vulnerability, I would be happy to help them.
Database tables in the current DB:
No other dumps are made here, for security reasons. I hope they will secure it.
Thank you.