Critical Sqli Vulnerability in channel [V] Website

A 16 years old White Hat Hacker "Arjun Siyag" from India discover a Critical Sqli Vulnerability in channel [V] Website (http://www.channelv.in). Proof of the hack is as shown in above image. Hacker disclose only the admin username and password, which will not effect the admin panel directly,because for login Email ID is required. 

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today. Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it.

This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database.

We are not disclosing the Vulnerable link for Channel's Security, if anyone from Channel [V] need assistance and Help Regarding solution of the Vulnerability, can contact us at admin@thehackernews.com.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.