The security hole was reported on the day of the big game

Feb 10, 2012 20:41 GMT

Alexander Fuchs, one of the researchers at the Vulnerability Lab, identified two high-severity SQL injection flaws on the official website of the Indianapolis Super Bowl 2012 (indianapolissuperbowl.com).

Rated as critical-risk vulnerabilities, they could allow a remote attacker to execute SQL commands through SQL injection.

The security hole was reported to the site’s administrators on the day of the big game, and the issue was addressed sometime between then and February 10, when the weakness was publicly disclosed.

The presence of the vulnerability was a cause for concern because, even though the game had passed, many Internet users were still visiting the site, and all of them would have been potential victims had a cybercriminal spotted the flaw and decided to take advantage of it.