Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22922
HistoryDec 15, 2009 - 12:00 a.m.

B2C Booking Centre Systems - SQL Injection Vulnerability

2009-12-1500:00:00
vulners.com
34
JSON

B2C Booking Centre Systems - SQL Injection Vulnerability

Name B2D Booking Centre Systems
Vendor http://www.bookingcentre.eu

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-11

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
VI. DISCLOSURE TIMELINE

I. ABOUT THE APPLICATION

Booking Centre Systems is a multilingual low cost and high
performance software solution for any Individual Hotel or
Hotels Group or Portal Tourist.

II. DESCRIPTION

All parameters of this application are not properly
sanitised and are affected to SQL Injection.

III. ANALYSIS

Summary:

A) SQL Injection

A) SQL Injection

All parameters are not properly sanitised and in order to
exploit they, the Magic Quotes GPG may be On.

IV. SAMPLE CODE

http://site/hotel_tiempolibre_ext.php?HotelID=4&NoticiaID=-1 UNION ALL
SELECT 1,2,3,version(),5,user(),7,8,9%23

V. FIX

No patch.

JSON