B2C Booking Centre Systems - SQL Injection Vulnerability

2009.12.25
Credit: Salvatore Fresta
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-4386
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

B2C Booking Centre Systems - SQL Injection Vulnerability Name B2D Booking Centre Systems Vendor http://www.bookingcentre.eu Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2009-12-11 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX VI. DISCLOSURE TIMELINE I. ABOUT THE APPLICATION Booking Centre Systems is a multilingual low cost and high performance software solution for any Individual Hotel or Hotels Group or Portal Tourist. II. DESCRIPTION All parameters of this application are not properly sanitised and are affected to SQL Injection. III. ANALYSIS Summary: A) SQL Injection A) SQL Injection All parameters are not properly sanitised and in order to exploit they, the Magic Quotes GPG may be On. IV. SAMPLE CODE http://site/hotel_tiempolibre_ext.php?HotelID=4&NoticiaID=-1 UNION ALL SELECT 1,2,3,version(),5,user(),7,8,9%23 V. FIX No patch.

References:

http://www.vupen.com/english/advisories/2009/3538
http://www.securityfocus.com/archive/1/archive/1/508429/100/0/threaded
http://www.exploit-db.com/exploits/10393
http://secunia.com/advisories/32430
http://packetstormsecurity.org/0912-exploits/b2cbcs-sql.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top