[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities

To: "research@xxxxxxxxxxxxxxxxxxxxx" <research@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
From: Julius Kivimäki <julius.kivimaki@xxxxxxxxx>
Date: Fri, 10 Feb 2012 14:56:01 +0200

http://www.indianapolissuperbowl.com/view-release.php?id=42

2012/2/10 research@xxxxxxxxxxxxxxxxxxxxx <research@xxxxxxxxxxxxxxxxxxxxx>

> Title:
> ======
> Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
>
>
> Date:
> =====
> 2012-02-06
>
>
>
> VL-ID:
> =====
> 418
>
>
> Abstract:
> =========
> Alexander Fuchs discovered 2 remote SQL Injection Vulnerabilities on the
> official website of Indianapolis Superbowl 2012 (US).
>
>
> Status:
> ========
> Verified by Laboratory
>
>
> Severity:
> =========
> High
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any
> warranty. Vulnerability-Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability
> and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including
> direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers
> have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for
> consequential or incidental damages so the foregoing limitation
> may not apply. Any modified copy or reproduction, including partially
> usages, of this file requires authorization from Vulnerability-
> Lab. Permission to electronically redistribute this alert in its
> unmodified form is granted. All other rights, including the use of
> other media, are reserved by Vulnerability-Lab or its suppliers.
>
>                                                Copyright ©
> 2012|Vulnerability-Lab
>
>
> --
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@xxxxxxxxxxxxxxxxxxxxx or support@xxxxxxxxxxxxxxxxxxxxx
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
  - From: research@xxxxxxxxxxxxxxxxxxxxx

Prev by Date: [Full-disclosure] Astaro Security Gateway - bypass using whitelist domain pattern weakness
Next by Date: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps vulnerability.
Previous by thread: [Full-disclosure] Indianapolis Superbowl 2012 - SQL Injection Vulnerabilities
Next by thread: [Full-disclosure] Astaro Security Gateway - bypass using whitelist domain pattern weakness
Index(es):
- Date
- Thread