Hi... :) your friend unknowndevice64 here..
today i am going to share why and how i accessed whole database of India's famous radio channel Radiomirchi.
One of my friend asked me to hack radiomirchi i don't know whether she was kidding or serious, as she told me that they are going to organize some live quiz and will gave some movie tickets for right answers/winners.
i never do the things like this (as a lots of newbie friends irritate me by requesting me to do childish stuff), but this time i was little free and i thought to Examine the whole website, i really didn't know whether they store stuff in Online Database on website or not.
but after inspecting 10-15 minute i found a critical URL:
http://www.radiomirchi.com/******************vamp.php?city_id=VUL1&randomnr=VUL2
(due to security reasons i not want to show whole URL as this is still exist and live).
this URL was vulnerable to sqli, now i think you are intelligent enough to know what to do next.
i just inject some line and accessed their whole database, a sample of Db is attached as image here.
As this post is saved in Draft from a month, now i reported this issue to admin and publish this post.
Hope They Solve And Fix This Vulnerability ASAP.
today i am going to share why and how i accessed whole database of India's famous radio channel Radiomirchi.
One of my friend asked me to hack radiomirchi i don't know whether she was kidding or serious, as she told me that they are going to organize some live quiz and will gave some movie tickets for right answers/winners.
i never do the things like this (as a lots of newbie friends irritate me by requesting me to do childish stuff), but this time i was little free and i thought to Examine the whole website, i really didn't know whether they store stuff in Online Database on website or not.
but after inspecting 10-15 minute i found a critical URL:
http://www.radiomirchi.com/******************vamp.php?city_id=VUL1&randomnr=VUL2
(due to security reasons i not want to show whole URL as this is still exist and live).
this URL was vulnerable to sqli, now i think you are intelligent enough to know what to do next.
i just inject some line and accessed their whole database, a sample of Db is attached as image here.
As this post is saved in Draft from a month, now i reported this issue to admin and publish this post.
Hope They Solve And Fix This Vulnerability ASAP.
No Comment to " How To Hack : Why And How I Hacked India's Famous Radio Channel RadioMirchi Db "