[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Multiple SQL Injection bugs in TCS website

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Multiple SQL Injection bugs in TCS website
From: Scarlet Pimpernel <kishfellow@xxxxxxxxx>
Date: Mon, 26 Feb 2007 19:17:31 -0800 (PST)

Hello list,

The website of TCS (Tata Consultancy Services) is prone to multiple SQL 
injection bugs. I already sent them an email back in December 2006. They have 
not fixed the bug just yet, so Iam going to disclose the details here.

http://kishfellow.blogspot.com

The scripts are prone to multiple XSS, and SQL bugs. A sample screenshot for a 
potential SQL injection is given in my blog.

Cheers :)
Kish

Full-Disclosure - We believe in it !


Remember there is alwayz someone who knows more than us out there

 
---------------------------------
Don't get soaked.  Take a quick peak at the forecast 
 with theYahoo! Search weather shortcut.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Kiwi CatTools TFTP server path traversal
Next by Date: Re: [Full-disclosure] Extracting files from SMB packet captures
Previous by thread: Re: [Full-disclosure] Kiwi CatTools TFTP server path traversal
Next by thread: [Full-disclosure] [ GLSA 200702-11 ] MPlayer: Buffer overflow
Index(es):
- Date
- Thread