WHID 2006-27: SQL Injection in incredibleindia.org
www.incredibleindia.org is the official Indian government tourism website.
The researcher found that the parameter PageID in the page ms_Page.asp is vulnerable to SQL injection. He further verified that, because the site returns SQL error messages, the standard probing methods for finding out the number of columns and their types work.
Additional information:
- SQL Injection in incredibleindia.org [Susam Pal, Apr 16 2006]
Attack Method:
Incident Outcome: