Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-42948 PoC — HotelDruid 安全漏洞

Source
https://github.com/dhammon/HotelDruid-CVE-2021-42948
Associated Vulnerability
Title:HotelDruid 安全漏洞 (CVE-2021-42948)
Description:HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
Readme

# CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

The session token used to access authenticated pages of the application is passed using GET methods generated from the head.php file.  The head.php file creates the application's menu bar to navigate to various application functions.  Every link in the menu bar exposes the session token as the value for the parameter id_sessione.

The session token plaintext is exposed in GET requests which can be intercepted by attackers through proxies, man in the middle attacks, or similar and used to hijack application user sessions.

## Remediation
The vendor has decided not to pursue a patch to remediate this vulnerability.

## Product Reference
https://www.hoteldruid.com/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42948
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →