Vendor: Easy Travel Portal
By: underground-stockholm.com
CVSS: 8,8 HIGH
SQL Injection
CWE: 89
Product Name: Easy Travel Portal
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:softwebsnepal:easy_travel_portal:2.0
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Easy Travel Portal “travelbycountry.asp” SQL Injection Vulnerability

This vulnerability allows an attacker to inject arbitrary SQL code into the vulnerable application. The vulnerability exists due to the lack of proper input validation in the "travelbycountry.asp" script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL code to the vulnerable application.

Mitigation:

The vendor has released a patch to address this vulnerability. The patch can be downloaded from the vendor's website. Additionally, users should ensure that all input is properly validated before being used in any SQL queries.
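The following is an added example, not part of the original advisory or the vendor's patch. It applies an allow-list to the `country` parameter of travelbycountry.asp and uses the same check to flag matching requests in IIS W3C logs. The allow-list policy, the `/portal` path, the log field order and the log lines themselves are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Assumed policy: a country name is letters, spaces, dots and hyphens, max 64 chars.
COUNTRY_OK = re.compile(r"[A-Za-z][A-Za-z .\-]{0,63}")

def is_valid_country(value):
    """True only when the whole value matches the allow-list."""
    return COUNTRY_OK.fullmatch(value) is not None

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for travelbycountry.asp requests whose
    country parameter fails the allow-list. Column positions are read from the
    '#Fields:' directive, so any W3C field order works."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/travelbycountry.asp"):
            continue
        # parse_qsl decodes %XX and '+'; ASP treats parameter names case-insensitively.
        for name, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            if name.lower() == "country" and not is_valid_country(value):
                hits.append((row.get("c-ip", "?"), value))
    return hits

# Constructed sample log (documentation IP ranges, hypothetical /portal path).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-11-01 10:00:01 GET /portal/travelbycountry.asp country=China 192.0.2.10 200
2009-11-01 10:00:04 GET /portal/travelbycountry.asp country=South+Korea 192.0.2.11 200
2009-11-01 10:00:07 GET /portal/travelbycountry.asp country=China%27%20union%20insect 198.51.100.7 500
2009-11-01 10:00:09 GET /portal/default.asp - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent rejected country value: {value!r}")
```

Validation of this kind complements the vendor patch; the query itself should still bind the value as a parameter rather than concatenating it into the SQL string.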

Exploit-DB raw data:

TITLE: Easy Travel Portal "travelbycountry.asp" SQL Injection Vulnerability
PRODUCT: Easy Travel Portal v2
PRODUCT URL: http://www.softwebsnepal.com/travel_website_progamming_portal.htm
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

VULN:

http://[host]/[path]/travelbycountry.asp?country=China%27%20union%20insect