MSN SQL Injection Vulnerability
Vendor: MSN
Web Site Affected: http://server1.msn.co.in/wallpaper/userchoose.asp
Type: SQL Injection
Severity: Critical
Date released: 29th December 2005
I. Description
A SQL injection vulnerability has been reported in the MSN India Web site. The vulnerability allows an attacker to run arbitrary queries on the MSN SQL server. It also reveals crucial information about the database, including the server name, database name, and table name, among other details.
Screenshots:
The screenshots can be viewed here


II. Impact
The vulnerability allows an attacker to run an arbitrary query on the SQL server.
III. Solution
Vendor has been notified.
Vendor's Response
Microsoft responded immediately, and removed the vulnerable pages from the MSN website.