itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php.
Vulnerability Type:
SQL Injection
Vendor of Product:
itsourcecode.com
Affected Product Code Base:
Online Tour and Travel Management - 1.0
Affected Component:
Online Tour and Travel Management System v1.0
Attack Type:
Remote
Attack Vectors:
1. Set up the application locally.
2. Navigate to the forget_password.php page.
3. Capture the request using Burp Suite or any proxy tool and save it to a file.
4. Give the file to the sqlmap tool and specify the parameter "email".
5. Use the sqlmap commands below to verify the injection.