Arsenal.com Sql injection vulnerability+Arsenal club Users credentials ('passwords and emails')

Wednesday, March 16, 2016



I have found a Blind Sql injection in the arsenal club website ,so i reported it to them,they didn't respond so why would i care ,i can take over the web site by now but i will just leak the users information ,so may be now they will notice some thing .

SQLI FOUND IN : http://cn.arsenal.com/newsdetail.php?id=%Inject_Here%494if you want to see the users emails and passwords hit this LINK

No comments:

Post a Comment

 
Copyright © 2016. Haribansh's Blog.
Design by Herdiansyah Hamzah. & Distributed by Free Blogger Templates
Creative Commons License