Redbus is the largest online bus ticket agent in India. Redbus suffered from a highly critical blind SQL injection vulnerability.

Code:
Vulnerable URL :  http://www.redbus.in/Feedback/Thankyou.aspx?injectionVar=InjectionPayload
User-Agent:  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host IP: 175.41.131.205
Web Server: Microsoft-IIS/7.0
Powered-by: ASP.NET
Using this vulnerability, anyone can access the complete database. Sorry, reader, this time I am restricted from posting the complete details of the PoC.

Thank you, redbus, for fixing this bug. I use redbus for ticketing, so I feel redbus must be more secure.

Special thanks to Garage4hackers Team

- [S]

Blind Sql injection Redbus.in [Responsible Disclosure] | root@sandeepkl337-ZH:~# _ A Bug Has To Be Fixed