:: Tix.Com SQL Injection Vulnerability ::
---------------------------------------------
Website - http://www.tix.com
Vulnerable Page/Application - https://www.tix.com/Login.asp?
Date Found - 8/20/06
Date Reported - 8/22/06
Current Status - Appears to be fixed.


I. SQL Injection of https://www.tix.com/Login.asp?
---------------------------------------------
The e-mail and password fields are not properly sanitized before 
being used in an SQL query. The vulnerable application is "Login.asp".
Once an attacker has saved the page's source and removed the JavaScript
e-mail and password validation, SQL can be directly put in to those fields.
A simple " 'having 1=1-- " (while the JavaScript validation is still active)
in the e-mail field reveals SQL Database errors that point and eventually 
lead to the determination that it is exploitable. It reports multiple column
names. With the proper SQL statements an attacker could gain access to
user accounts and effectively gather personal user information, as well 
as have the ability order and print tickets for venues that the site sells.

II. Status
---------------------------------------------
This vulnerability has been reported to the site with promptness and
high importance.

This vulnerability *appears* to have been fixed as of September 1st, 2006.




-FxYxIxE-