News Document Title:
====================
SQL Injection & persistent XSS on TvTotal Website [FIXED!]


Release Date:
=============
2011-09-21


Laboratory Article:
===================
The vulnerability laboratory researcher alexander fuchs discovered 2 nice bugs for the tvtotal website. 1x Cross Site Scripting & 
1x SQL Injection vulnerability on the portal website. After the patch the bugs will be published on the portal index website 
of vulnerability-lab.com In the year 2010 we discovered another critical SQL Injection vulnerability which was disclosed by Rem0ve.

Benefit: Thanks to TvTotal.de because of the 2 free tickets for the stefan raab show!

Article(Alexander Fuchs)[DE]: http://www.1337core.de/2011/tv-total-zwei-freikarten-fur-hack/