SAS Hotel Management System user_login.asp SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : SAS Hotel Management System user_login.asp SQL Injection Vulnerability
# Published : 2010-06-15
# Author : L0rd CrusAd3r
# Previous Title : Pre Job Board Pro SQL Injection Auth Bypass Vulnerability
# Next Title : Business Classified Listing SQL Injection Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0
0 _ __ __ __ 1
1 /'  __ /'__` / __ /'__` 0
0 /_,  ___ /_/_   ___  ,_/ /  _ ___ 1
1 /_/  /' _ ` / /_/__<_ /'___  /    /`'__ 0
0   / /    /   / __/  _  _   / 1
1  _ _ __   ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1  ____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:SAS Hotel Management System SQL Vulnerable
Vendor url:http://www.sellatsite.com
Version:n/a
Price:28$
Published: 2010-06-15
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhrahackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

SAS Hotel Management System reservation portal. Agents, Hotel and Resorts
owner can submit their hotels and resorts for booking. Email alerts on
rooms or resorts reservation for both buyer and owner. Website owner hotels
and resort listings will appear always on the top of the list. Website owner
hotels and resorts photo gallery. Agents and hotel owners can submit images
during registration. Powerful admin to control register hotels, agents and
their payments. 2Checkout, Paypal and Manual payment options.

Note: Listings submitted for UAE only you can start checking script by
registering your own hotel or resort.



~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://server/home/user_login.asp?notfound=[sqli]

# 0day n0 m0re #
# L0rd CrusAd3r #

-- 
With R3gards,
L0rd CrusAd3r