a possible SQL injection victim?
check out this page: http://indiavilas.com/indiainfo/pincodes.asp
I suspect this one's vulnerable to SQL injection.. this has some useful info.. lists all the PIN codes in India..
but well, seems very vulnerable.. I dint try to get any 'confidential' stuff out :D in fact I dont even think there's any ;)
but you can get real nasty wit it.. I suspect you could do some stuff like... well, lemme try to be a lil creative..
hmm.. nope.. a lil correction.. I meant destructive >:)
guess you could ask the DB to drop some tables/databases and I expect it to obey you ;)
I'm not giving any ideas, am I?
n btw, I havent checked it in a long time.. maybe they've fixed it by now coz I informed them about my suspicion.. it's been well over 15 days since I informed them.. but well, if they havent fixed it, then I think the site aint worth its life >:)
my only sentiment against getitng nasty is that it has some valuable data and it hurts to think abt destroying it :D couldn't find a better collection of PIN codes elsewhere..