Wednesday, April 29, 2009

SQLi and XSS vulnerabilities in IPL website

###################################
# Website: www.iplt20.com
# (includes spoils from pulselive.com)
# Bug: XSS and SQLi
# IPL T20 - Indian (or is it English) Premier League
# Date: 29.04.09
###################################

Vuln URL: hxxp://www.iplt20.com




There were also 26 injectable spots other than this one, and there's XSS in the URI, path, and forms. Can't post too many screenshots... you see ;)

What's more, you can insert, update, and delete tables in their DB :))

Happy hunting, Cheers!
