供应商主页:http://virtualairlinesmanager.net
软件链接:https://virtualairlinesmanager.net/index.php/vam-releases/
版本:2.6.2
测试:Ubuntu 19.04
代码语言:javascript复制[1]易受攻击的GET参数:notam_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=notam¬am_id=[SQLi]
[2] 易受攻击的GET参数:airport=[SQLi]
[PoC] http://localhost/vam/index.php?page=airport_info&airport=[SQLi]
[3]易受攻击的GET参数:registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public®istry_id=[SQLi]
[4] 易受攻击的GET参数:plane_location=[SQLi]
[PoC] http://localhost/vam/index.php?page=fleet_public&plane_location=[SQLi]
[5]易受攻击的GET参数:hub_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=hub&hub_id=[SQLi]
[6]易受攻击的GET参数:pilot_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=pilot_details&pilot_id=[SQLi]
[7]易受攻击的GET参数:registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public®istry_id=[SQLi]
[8] 易受攻击的GET参数:event_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=event&event_id=[SQLi]
[9] 漏洞GET参数:tour_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=tour_detail&tour_id=[SQLi]
