CVE-2023-43371
📋 TL;DR
CVE-2023-43371 is a critical SQL injection vulnerability in Hoteldruid v3.0.5 that allows attackers to execute arbitrary SQL commands via the numcaselle parameter in the creaprezzi.php endpoint. This affects all systems running the vulnerable version of Hoteldruid, potentially exposing sensitive hotel management data.
💻 Affected Systems
- Hoteldruid
📦 What is this software?
Hoteldruid by Digitaldruid
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, authentication bypass, and potential remote code execution if database functions allow it.
Likely Case
Unauthorized access to sensitive hotel guest data, reservation information, and potential financial data exposure.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
The vulnerability requires no authentication and has public proof-of-concept available. Exploitation is straightforward for attackers with basic SQL injection knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Check for updated version from Hoteldruid vendor
2. Apply patch if available
3. If no patch, implement workarounds immediately
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation for the numcaselle parameter to only accept expected numeric values
Modify /hoteldruid/creaprezzi.php to validate numcaselle parameter using is_numeric() or similar validation
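The following is an added example of the validation pattern described above; it is not Hoteldruid's own code and the table and column names in the query are placeholders. It assumes numcaselle is a small non-negative integer and that the query runs through PDO. It uses FILTER_VALIDATE_INT rather than is_numeric(), because is_numeric() also accepts values such as "1.5", "1e3" and leading whitespace, and it binds the validated value instead of concatenating it into the SQL string.

```php
<?php
// Added example (not Hoteldruid code): validate numcaselle and bind it as a
// parameter so the raw request value never reaches the SQL string.
declare(strict_types=1);

/**
 * Return numcaselle as an int, or null if the raw value is not a plain
 * non-negative integer within range. $max is an assumed upper bound.
 */
function validateNumcaselle($raw, int $max = 1000): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;   // arrays, nulls and objects are never valid
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/**
 * Look up price rows with a bound parameter. The table "prezzi" and column
 * "numcaselle" are placeholders for whatever the real schema uses.
 */
function fetchPriceRows(PDO $db, int $numcaselle): array
{
    $stmt = $db->prepare('SELECT * FROM prezzi WHERE numcaselle = :n');
    $stmt->bindValue(':n', $numcaselle, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request handling: reject early with a 400 instead of building a query.
$numcaselle = validateNumcaselle($_GET['numcaselle'] ?? null);
if ($numcaselle === null) {
    http_response_code(400);
    exit('invalid numcaselle');
}
// $rows = fetchPriceRows($db, $numcaselle);   // $db: the application's PDO connection
```

Both halves matter: the integer check stops non-numeric input at the edge, and the bound parameter means a future change to the accepted range (or a second parameter) cannot reintroduce injection through string building.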
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection attempts targeting the creaprezzi.php endpoint
Configure WAF to block requests containing SQL keywords in numcaselle parameter
🧯 If You Can't Patch
- Implement network segmentation to restrict access to Hoteldruid application
- Deploy intrusion detection systems to monitor for SQL injection attempts
🔍 How to Verify
Check if Vulnerable:
Test the /hoteldruid/creaprezzi.php endpoint with SQL injection payloads in the numcaselle parameter
Check Version:
Check Hoteldruid version in application interface or configuration files
Verify Fix Applied:
Test with SQL injection payloads after implementing fixes to ensure they are blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in application logs
- Multiple failed login attempts following SQL injection patterns
Network Indicators:
- HTTP requests to creaprezzi.php with SQL keywords in parameters
- Unusual database query patterns
SIEM Query:
source="web_logs" AND uri="/hoteldruid/creaprezzi.php" AND param="numcaselle" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "OR")
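As an added example (not part of the advisory and not Hoteldruid code), the following PHP script runs the detection logic above over web-server access-log lines. It assumes the combined log format and constructed sample lines. Rather than relying only on keyword matching, it flags any request to creaprezzi.php whose numcaselle value is not a plain integer; keyword matching is kept as a secondary signal, using whole-word matches so that a substring rule like CONTAINS "OR" does not fire on ordinary values.

```php
<?php
// Added example (not from the advisory or the Hoteldruid project): flag
// requests to creaprezzi.php whose numcaselle value is not a plain integer.
declare(strict_types=1);

/**
 * Parse one combined-format access-log line into ip, method, path, query
 * and status. Returns null for lines that do not match the format.
 */
function parseAccessLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) /';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $url = parse_url($m[3]);
    return [
        'ip'     => $m[1],
        'method' => $m[2],
        'path'   => $url['path'] ?? '',
        'query'  => $url['query'] ?? '',
        'status' => (int) $m[4],
    ];
}

/**
 * Return a finding if the line targets creaprezzi.php with a suspicious
 * numcaselle value, otherwise null.
 */
function checkCreaprezziRequest(string $line): ?array
{
    $req = parseAccessLogLine($line);
    if ($req === null || basename($req['path']) !== 'creaprezzi.php') {
        return null;
    }
    parse_str($req['query'], $params);   // URL-decodes the values
    if (!array_key_exists('numcaselle', $params)) {
        return null;
    }
    $value = $params['numcaselle'];
    if (is_string($value) && filter_var($value, FILTER_VALIDATE_INT) !== false) {
        return null;   // plain integer: expected traffic
    }
    // Secondary signal: SQL keywords as whole words, case-insensitive.
    $keywords = is_string($value)
        && preg_match('/\b(union|select|or)\b/i', $value) === 1;
    return [
        'ip'       => $req['ip'],
        'value'    => is_string($value) ? $value : '[array]',
        'keywords' => $keywords,
        'status'   => $req['status'],
    ];
}

// Constructed sample lines (not real traffic).
$sampleLog = [
    '203.0.113.10 - - [10/Oct/2023:12:00:01 +0000] "GET /hoteldruid/creaprezzi.php?numcaselle=4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [10/Oct/2023:12:00:02 +0000] "GET /hoteldruid/creaprezzi.php?numcaselle=4%20UNION%20SELECT%201 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '203.0.113.12 - - [10/Oct/2023:12:00:03 +0000] "GET /hoteldruid/index.php?numcaselle=4%20UNION HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    '203.0.113.13 - - [10/Oct/2023:12:00:04 +0000] "GET /hoteldruid/creaprezzi.php?numcaselle=4.0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
];

foreach ($sampleLog as $line) {
    $finding = checkCreaprezziRequest($line);
    if ($finding !== null) {
        printf("ALERT %s numcaselle=%s keywords=%s status=%d\n",
            $finding['ip'], $finding['value'],
            $finding['keywords'] ? 'yes' : 'no', $finding['status']);
    }
}
```

Of the four sample lines only the second and fourth produce alerts: the second carries SQL keywords and a 500 response, the fourth is a malformed value with no keywords, which the integer check still catches. The third line is not creaprezzi.php and is ignored, which mirrors the uri filter in the SIEM query.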