Blind SQL injection found at

URL: http://www.suratdiamond.com/prod_criteria.aspx
Entity: matid
Security Risk: It is possible to view, modify or delete database entries and tables.

Below are the tables found on the database:

admin
    uid    user_name    user_pass
    1      admin        (removed)
brochureimage
Carat
Cart_Master
Category_Master
Clarity
color_master
country
Courier_Master
Creditcard_Master
current_content
customerorder_shippingaddress
Customers
customorderdetails
CustomOrders
Cuts
denomination_master
designengagementimage
details
dtproperties
Extra_Category
Extracat_Images
FAQ
FaqCategory
feedback
feedbackN
Final_Order