Blind SQL Injection [Responsible Disclosure]

July 4, 2013

Redbus is the largest online bus ticket agent in India. Redbus suffered from a highly critical blind SQL injection vulnerability.

Vulnerable URL:

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

Host IP:

Web Server: Microsoft-IIS/7.0

Powered-by: ASP.NET

Using this exploit I was able to access DB information like tables and columns. Sorry, reader, this time I cannot post complete details of the PoC or vulnerability.

Redbus message

Thank you, Redbus, for fixing this bug. I use Redbus for ticketing, so I feel Redbus must be more secure 😉

Special thanks to Garage4hackers Team

– [S]

We Provide Penetration Testing