Indianapolis Superbowl 2012 - SQL
Details:
========
1.1
A SQL Injection vulnerability is detected on the official website of Indianapolis Superbowl 2012 (US).
Remote attackers can execute own sql commands via remote orber by sql injection.

Vulnerable Modul(s):
[+] downloadRelease.php?id=

1.2
A blind SQL Injection vulnerability is detected on the official website of Indianapolis Superbowl 2012 (US).
Remote attackers can execute own sql commands via remote blind sql injection.

Vulnerable Modul(s):
[+] event-detail/?id=



by
Alexander Fuchs (f0x23)