Redbus is the largest online bus ticket agent in India. Redbus suffered from a highly critical blind SQL injection vulnerability.
Vulnerable URL: http://www.redbus.in/Feedback/Thankyou.aspx?injectionVar=InjectionPayload
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host IP: 18.104.22.168
Web Server: Microsoft-IIS/7.0
Using this exploit, I was able to access DB information like tables and columns. Sorry, reader, this time I cannot post complete details of the PoC or the vulnerability.
Thank you, Redbus, for fixing this bug. I use Redbus for ticketing, so I feel Redbus must be more secure 😉
Special thanks to Garage4hackers Team