[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PizzaInn_Project SQL Injection Vulnerability

Author
vinicius777
Risk
[
Security Risk High
]
0day-ID
0day-ID-21795
Category
web applications
Date add
23-01-2014
Platform
php
##########################################################################
[+] Exploit: PizzaInn_Project - SQL Injection                            #
[+] Author: vinicius777                                  #
[+] Contact: vinicius777 [AT] gmail  @vinicius777_                       #                  
[+] Vendor Homepage: http://sourceforge.net/projects/restaurantmis/      #
##########################################################################
 
   
  
[1] Sql Injection Time Based Blind
 
PoC:  http://127.0.0.1/reserve-exec.php?id=1' [SQL Injection]
 
 
Vulnerable Code:
[+] reserve-exec.php
 
 
            $id = $_GET['id'];
            $qry = "INSERT INTO reservations_details(member_id,table_id,partyhall_id,Reserve_Date,Reserve_Time,table_flag,partyhall_flag) VALUES('$id','$table_id','$partyhall_id','$date','$time','$table_flag','$partyhall_flag')";
            mysql_query($qry)
 
 
 
#
#
# Greetz to g0tm1lk and TheColonial.

#  0day.today [2024-11-16]  #