WHID 2006-27: SQL Injection in incredibleindia.org

www.incredibleindia.org is official Indian government tourism website.

The researcher has found that the parameter PageID in the page ms_Page.asp is vulnerable to SQL injection. He further tested that SQL error messages enable standard probing methods for finding out the number of columns and their type work.

Additional information:

Attack Method: 
Incident Outcome: