AMTT Hotel Broadband Operation System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in AMTT Hotel Broadband Operation System version 1.0. The flaw is in the file '/manager/card/cardhand_submit.php', where the 'id' parameter is used in a database query without adequate validation, so an attacker can alter the query from a remote client. The vulnerability has been publicly disclosed; the vendor was notified but has not responded.

Impact

Exploitation allows an attacker to interfere with the queries the application sends to its database. Depending on the database account's privileges this can lead to unauthorized reading of data (including credentials stored in the database), modification or deletion of records, and in some configurations administrative operations on the database server itself.

Reproduction

To reproduce this vulnerability, log into the backend of the application with the username 'administrator' and the password 'admin'; the injection point is reachable only after authentication, so valid (or default) backend credentials are a prerequisite. Once logged in, send a POST request to '/manager/card/cardhand_submit.php' with a crafted 'id' parameter that carries a SQL injection payload, for example the well-known error-based technique that abuses the database's XML processing functions so that the result of an attacker-chosen subquery is echoed back in the error message. The 'phone_edit' parameter in the same request can also be manipulated to assist the injection.
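The following is an added example and is not code from the advisory or from the AMTT product. It shows the shape of the flaw described above (a POST value concatenated into SQL) beside a hardened rewrite. The table name 'card', the column 'phone', the $mysqli connection and the accepted phone-number format are assumptions made for illustration only.

```php
<?php
// Added example: assumed shape of the flaw in cardhand_submit.php, not the
// vendor's actual code. Table 'card', column 'phone' and $mysqli are assumptions.

// Vulnerable pattern: 'id' and 'phone_edit' from the POST body are concatenated
// straight into the SQL text. A payload in 'id' such as the error-based
// updatexml()/extractvalue() technique becomes part of the executed query, and
// the database's error message then carries the attacker-selected data.
function cardhand_submit_vulnerable(mysqli $mysqli, array $post)
{
    $id    = $post['id'];          // attacker controlled, never validated
    $phone = $post['phone_edit'];  // attacker controlled as well
    $sql   = "UPDATE card SET phone = '$phone' WHERE id = $id";
    return $mysqli->query($sql);   // query structure is under attacker control
}

// Hardened version: validate the identifier as a positive integer, constrain the
// phone value to the expected format, and bind both as prepared-statement
// parameters so user input can never change the structure of the query.
function cardhand_submit_fixed(mysqli $mysqli, array $post): bool
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id < 1) {
        http_response_code(400);   // reject anything that is not a record id
        return false;
    }

    $phone = trim((string) ($post['phone_edit'] ?? ''));
    // Assumed phone format: optional '+' followed by 6 to 20 digits.
    if (!preg_match('/^\+?[0-9]{6,20}$/', $phone)) {
        http_response_code(400);
        return false;
    }

    $stmt = $mysqli->prepare('UPDATE card SET phone = ? WHERE id = ?');
    if ($stmt === false) {
        error_log('cardhand_submit: prepare failed: ' . $mysqli->error);
        return false;              // log server-side, never echo DB errors
    }
    $stmt->bind_param('si', $phone, $id);
    $ok = $stmt->execute();
    if (!$ok) {
        error_log('cardhand_submit: execute failed: ' . $stmt->error);
    }
    $stmt->close();
    return $ok;
}
```

Because the error-based technique the advisory refers to depends on the database's error text reaching the HTTP response, the prepared statement should be paired with production settings that keep database errors out of the page (PHP's display_errors off, errors written to a log instead); the parameter binding removes the injection, the logging change removes the extraction channel even if another query is missed.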

Added: May 3, 2026, 2:18 PM
Updated: May 3, 2026, 2:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 7.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.