Hotel & Tour Package Script v1.0 - SQL Injection

vendor:

Hotel & Tour Package Script

by:

Ihsan Sencan

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Hotel & Tour Package Script

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:eagletechnosys:hotel_and_tour_package_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win7 x64, Kali Linux x64

2017

Hotel & Tour Package Script v1.0 – SQL Injection

SQL Injection vulnerability exists in Hotel & Tour Package Script v1.0 which allows an attacker to inject malicious SQL queries via the 'show', 'offer_id', 'news_id', 'page.php?id' and 'room_id' parameters. An attacker can exploit this vulnerability to gain access to sensitive information such as admin credentials, booking details, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Hotel & Tour Package Script v1.0 - SQL Injection
# Google Dork: N/A
# Date: 26.03.2017
# Vendor Homepage: http://eagletechnosys.com/
# Software: http://www.eaglescripts.com/hotel-booking-script
# Demo: http://hotelbooking.phpscriptsdemo.com/
# Version: 1.0
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# #ihsansencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/?show=view_offer&offer_id=[SQL]
# http://localhost/[PATH]/view_news.php?news_id=[SQL]
# http://localhost/[PATH]/page.php?id=[SQL]
# http://localhost/[PATH]/?show=view_room&room_id=[SQL]
# admin:id
# admin:username
# admin:password
# booking:id
# booking:cat_name
# Etc...
# # # # #