/home/masacre/docker_data/git/travel-agency/README.md:16 Password 'admin' found in URL inside 'Password: admin'.

/home/masacre/docker_data/git/travel-agency/styles/style.css:81 Password ''$c_pass'' found in URL inside 'select * from customers where customer_pass='$c_pass' AND customer_email='$c_email''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:81 Password ''$c_pass'' found in URL inside 'select * from customers where customer_pass='$c_pass' AND customer_email='$c_email''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:51 Password '</td>' found in URL inside '"</td> </tr> <tr> <td align="right">Password:</td> <td><input type="password" name="c_pass" value="'.

/home/masacre/docker_data/git/travel-agency/styles/style.css:133 Password ''$c_pass',' found in URL inside 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address' where customer_id='$customer_id''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:137 Password ''$c_pass',' found in URL inside 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address', customer_image='$c_image' where customer_id='$customer_id''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:133 Password ''$c_pass',' found in URL inside 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address' where customer_id='$customer_id''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:137 Password ''$c_pass',' found in URL inside 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address', customer_image='$c_image' where customer_id='$customer_id''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:133 Password ''$c_pass',' found in URL inside 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address' where customer_id='$customer_id''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:137 Password ''$c_pass',' found in URL inside 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address', customer_image='$c_image' where customer_id='$customer_id''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:25 Password '</td>' found in URL inside '<h2 style="text-align: center; margin-top: 20px;">Change Your Password</h2>
<form action="" method="post"> <table align="center" width="550"> <tr align="right"> <td><b>Enter current password:</td> <td><input type="password" name="current_pass" required=""></b></td> </tr> <tr align="right"> <td><b>Enter new password:</b></td> <td><input type="password" name="new_pass" required=""></td> </tr> <tr align="right"> <td><b>Re-enter new password:</b></td> <td><input type="password" name="new_pass_again" required=""></td> </tr> <tr align="right"> <td></td> <td colspan="8"><input type="submit" name="change_pass" value="Change Password"></td> </tr> </table> </form> '.

/home/masacre/docker_data/git/travel-agency/styles/style.css:33 Password ''$current_pass'' found in URL inside 'select * from customers where customer_pass='$current_pass' AND customer_email='$user''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:48 Password ''$new_pass'' found in URL inside 'update customers set customer_pass='$new_pass' where customer_email='$user''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:48 Password ''$new_pass'' found in URL inside 'update customers set customer_pass='$new_pass' where customer_email='$user''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:33 Password ''$current_pass'' found in URL inside 'select * from customers where customer_pass='$current_pass' AND customer_email='$user''.

/home/masacre/docker_data/git/travel-agency/styles/style.css:48 Password ''$new_pass'' found in URL inside 'update customers set customer_pass='$new_pass' where customer_email='$user''.

UnknownFilename: PHP file '/home/masacre/docker_data/git/travel-agency/includes/payment.php' without PHP open tag <?php or <? could mean a code snippet or a mistake?

UnknownFilename: PHP file '/home/masacre/docker_data/git/travel-agency/includes/footer.php' without PHP open tag <?php or <? could mean a code snippet or a mistake?

UnknownFilename: PHP file '/home/masacre/docker_data/git/travel-agency/includes/header.php' without PHP open tag <?php or <? could mean a code snippet or a mistake?

UnknownFilename: PHP file '/home/masacre/docker_data/git/travel-agency/includes/navbar.php' without PHP open tag <?php or <? could mean a code snippet or a mistake?

Was not able to detect a programming language for files '/home/masacre/docker_data/git/travel-agency/README.md', '/home/masacre/docker_data/git/travel-agency/paypal.jpg', '/home/masacre/docker_data/git/travel-agency/.gitignore', '/home/masacre/docker_data/git/travel-agency/.gitattributes', '/home/masacre/docker_data/git/travel-agency/.git/description', '/home/masacre/docker_data/git/travel-agency/.git/HEAD', '/home/masacre/docker_data/git/travel-agency/.git/packed-refs', '/home/masacre/docker_data/git/travel-agency/.git/index', '/home/masacre/docker_data/git/travel-agency/.git/config', '/home/masacre/docker_data/git/travel-agency/.git/refs/remotes/origin/HEAD', '/home/masacre/docker_data/git/travel-agency/.git/refs/heads/master', ...

Finished scanning, we have 67 findings.

SQL query-like string literal 'SELECT * FROM cart WHERE ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM packages WHERE package_id='$pack_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'UPDATE cart SET qty='$qty'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from packages where package_id='$package_id'' contains '$', which could mean variable concaternation.

Uploaded files are handled with 'move_uploaded_file'. Could be a interesting start for research.

SQL query-like string literal 'INSERT INTO customers (customer_ip,customer_name,customer_email,customer_pass,c_passport,customer_country,customer_city,customer_contact,customer_address,customer_image) VALUES ('$ip','$c_name','$c_email','$c_pass','$c_passport','$c_country','$c_city','$c_contact','$c_address','$c_image')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM cart WHERE ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM packages WHERE package_keywords LIKE '%$search_query%'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from customers where customer_pass='$c_pass' AND customer_email='$c_email'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from cart where ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from packages where package_id='$get_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from categories where cat_id='$pack_cat'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from types where type_id='$pack_type'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update packages set package_cat='$package_cat', package_type='$package_type', package_title='$package_title', package_price='$package_price', package_desc='$package_desc', package_keywords='$package_keywords' where package_id='$update_id'' contains '$', which could mean variable concaternation.

Uploaded files are handled with 'move_uploaded_file'. Could be a interesting start for research.

SQL query-like string literal 'update packages set package_cat='$package_cat', package_type='$package_type', package_title='$package_title', package_price='$package_price', package_desc='$package_desc', package_image='$package_image', package_keywords='$package_keywords' where package_id='$update_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from categories where cat_id='$cat_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update categories set cat_title='$new_cat' where cat_id='$update_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update employees set emp_name='$employee_name', emp_email='$employee_email', emp_designation='$employee_designation', emp_location='$employee_location', emp_address='$employee_address', emp_contact='$employee_contact' where emp_id='$update_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from employees where emp_id='$get_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'insert into categories (cat_title) values ('$new_cat')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'insert into types (type_title) values ('$new_type')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from types where type_id='$type_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update types set type_title='$new_type' where type_id='$update_id'' contains '$', which could mean variable concaternation.

Uploaded files are handled with 'move_uploaded_file'. Could be a interesting start for research.

SQL query-like string literal 'insert into employees (emp_name, emp_email, emp_designation, emp_location, emp_address, emp_contact) values ('$emp_name','$emp_email','$emp_designation','$emp_location','$emp_address','$emp_contact')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from admins where user_email='$email' AND user_pass='$pass'' contains '$', which could mean variable concaternation.

Uploaded files are handled with 'move_uploaded_file'. Could be a interesting start for research.

SQL query-like string literal 'insert into packages (package_cat, package_type, package_title, package_price, package_desc, package_image, package_keywords) values ('$package_cat','$package_type','$package_title','$package_price','$package_desc','$package_image','$package_keywords')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from customers where customer_email='$user'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from customers where customer_email='$user'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address' where customer_id='$customer_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update customers set customer_name='$c_name', customer_email='$c_email', customer_pass='$c_pass', customer_city='$c_city', customer_contact='$c_contact', customer_address='$c_address', customer_image='$c_image' where customer_id='$customer_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from customers where customer_pass='$current_pass' AND customer_email='$user'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'update customers set customer_pass='$new_pass' where customer_email='$user'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM cart WHERE ip_add='$ip' and p_id='$pack_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'INSERT INTO cart (p_id, ip_add) VALUES ('$pack_id','$ip')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM cart WHERE ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM cart WHERE ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM cart WHERE ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM packages WHERE package_id='$pack_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM packages WHERE package_cat='$cat_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'SELECT * FROM packages WHERE package_type='$type_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from cart where ip_add='$ip' and p_id='$pack_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'insert into cart (p_id, ip_add) values ('$pack_id','$ip')' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from cart where ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from cart where ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from cart where ip_add='$ip'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from packages where package_id='$pack_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from packages where package_cat='$cat_id'' contains '$', which could mean variable concaternation.

SQL query-like string literal 'select * from packages where package_type='$type_id'' contains '$', which could mean variable concaternation.