Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16196
HistoryFeb 27, 2007 - 12:00 a.m.

[Full-disclosure] Multiple SQL Injection bugs in TCS website

2007-02-2700:00:00
vulners.com
51

Hello list,

The website of TCS (Tata Consultancy Services) is prone to multiple SQL injection bugs. I already sent them an email back in December 2006. They have not fixed the bug just yet, so Iam going to disclose the details here.

http://kishfellow.blogspot.com

The scripts are prone to multiple XSS, and SQL bugs. A sample screenshot for a potential SQL injection is given in my blog.

Cheers :)
Kish

Full-Disclosure - We believe in it !

Remember there is alwayz someone who knows more than us out there


Don't get soaked. Take a quick peak at the forecast
with theYahoo! Search weather shortcut.