Travel Agency 1.1 - 'cid' SQL Injection

EDB-ID: 44930
Author: Ashkan Moghaddas
Published: 2018-06-25
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: N/A

# Date: 2018-06-23
# Exploit Author: Ashkan Moghaddas
# Tested on: Windows - Linux
# Google Dork: N/A
# CVE: N/A

# Vulnerable Page:
/add.city.php

# Vulnerable Source:
# Line 20: if(isset($_GET['action']) && ($_GET['action'] == 'del')){
# Line 21: $delete = mysql_query("DELETE FROM destination where destination_id = '".$_GET['cid']."'");

# POC:

http://site.com/add.city.php?cid=[SQL]
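
# Hardened form (added example, not part of the original advisory or the application's code):
The delete from line 21, rewritten so that 'cid' is validated as an integer and passed as a bound parameter instead of being concatenated into the SQL string. The in-memory SQLite table, the helper names open_demo_db and delete_destination, and the sample inputs are constructed for illustration; the real application uses MySQL through the legacy mysql_* functions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database (assumption: SQLite in
// memory replaces the real MySQL `destination` table so this runs offline).
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE destination (destination_id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO destination VALUES (1,'Paris'),(2,'Rome'),(3,'Cairo')");
    return $pdo;
}

// Hypothetical helper: deletes one destination and returns the rows removed.
function delete_destination(PDO $pdo, $cid): int
{
    // 1. Allow-list check: the id must be a string of decimal digits.
    //    is_string() also rejects array input such as cid[]=1.
    if (!is_string($cid) || !ctype_digit($cid)) {
        throw new InvalidArgumentException('cid must be a positive integer');
    }
    // 2. Bound parameter: the value is never part of the SQL text.
    $stmt = $pdo->prepare('DELETE FROM destination WHERE destination_id = :cid');
    $stmt->bindValue(':cid', (int) $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = open_demo_db();

// Constructed inputs, in the shapes they could arrive as $_GET['cid'].
foreach (['2', "1' OR '1'='1", ['1']] as $cid) {
    try {
        printf("deleted %d row(s)\n", delete_destination($pdo, $cid));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}

$left = (int) $pdo->query('SELECT COUNT(*) FROM destination')->fetchColumn();
printf("rows left: %d\n", $left);
```

The bound parameter alone closes the injection; the digit check additionally keeps malformed input from reaching the database at all.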
