Main Advertising vulnerable to SQLi by lionaneesh!
The Hacker News

One of the best advertising companies in the world, which is even used by Megaupload, is vulnerable to SQLi.
What I can do [Power]:-

Lionaneesh found a database in which the hits to a particular link were entered (this is most probably used for counting the revenue). I can change and increase or decrease the ad revenue of a particular site.
Target:
DATABASE : MSSQL 2005
Method: GET

DATABASE : portals
DATABASE : master
I have also found a table with 463526 emails and another table with 300000 emails. I am not publishing these emails for confidentiality reasons.

Other databases :-
tempdb
model
msdb
reportServer
sitebuilder
email
And tons more...
