SAS Hotel Management System – ‘notfound’ SQL Injection

  • Author: L0rd CrusAd3r
    Date: 2010-06-15
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/13882/
  • [+] Site : Inj3ct0r.com
    [+] Support e-mail : submit[at]inj3ct0r.com
    I'm L0rd CrusAd3r member from Inj3ct0r Team
    
    Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
    Exploit Title: SAS Hotel Management System SQL Vulnerable
    Vendor url: http://www.sellatsite.com
    Version: n/a
    Price: 28$
    Published: 2010-06-15
    Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and to
    all ICW members.
    Spl Greetz to: inj3ct0r.com Team, Andhrahackers.com
    
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    
    Description:
    
    SAS Hotel Management System reservation portal. Agents and hotel and resort
    owners can submit their hotels and resorts for booking. Email alerts on
    room or resort reservations for both buyer and owner. The website owner's
    hotel and resort listings always appear at the top of the list. Photo
    gallery for the website owner's hotels and resorts. Agents and hotel owners
    can submit images during registration. Powerful admin to control registered
    hotels, agents and their payments. 2Checkout, PayPal and manual payment options.
    
    Note: Listings are submitted for UAE only. You can start checking the script
    by registering your own hotel or resort.
    
    
    
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    
    Vulnerability:
    
    * SQLi Vulnerability
    
    DEMO URL: http://server/home/user_login.asp?notfound=[sqli]
    
    # 0day n0 m0re #
    # L0rd CrusAd3r #
    
    -- 
    With R3gards,
    L0rd CrusAd3r
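
A defender's check for the issue reported above, as an added example that is not part of the original advisory: it scans IIS W3C logs for requests to `/home/user_login.asp` whose `notfound` value carries SQL syntax. The log field layout, the sample lines and the marker list are constructed assumptions; only the path and parameter name come from the advisory.

```python
import re
from urllib.parse import parse_qs, unquote

# Path and parameter named in the advisory.
TARGET_STEM = "/home/user_login.asp"
TARGET_PARAM = "notfound"

# Heuristic markers of SQL syntax in a value (assumption of this example; tune per site).
SQL_MARKERS = re.compile(
    r"""['";]|--|/\*|\b(union|select|insert|update|delete|drop|exec|waitfor|having)\b""",
    re.IGNORECASE,
)

# Constructed IIS W3C log sample using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-06-16 09:12:01 GET /home/user_login.asp notfound=1 192.0.2.10 200
2010-06-16 09:12:40 GET /home/user_login.asp notfound=1%27 198.51.100.7 500
2010-06-16 09:13:02 GET /home/user_login.asp notfound=1+UNION+SELECT+1 198.51.100.7 200
2010-06-16 09:13:30 GET /home/search.asp q=union+hotel 192.0.2.11 200
2010-06-16 09:14:05 GET /Home/User_Login.asp NotFound=%2527 203.0.113.5 500
"""

def suspicious_requests(log_text):
    """Return (timestamp, client IP, decoded value) for flagged target-parameter hits."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths and ASP parameter names are case-insensitive.
        if row.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue
        params = parse_qs(row.get("cs-uri-query", "-"), keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != TARGET_PARAM:
                continue
            for value in values:  # parse_qs has already URL-decoded once
                decoded = unquote(value)  # second decode catches double encoding
                if SQL_MARKERS.search(value) or SQL_MARKERS.search(decoded):
                    hits.append((f"{row['date']} {row['time']}", row["c-ip"], decoded))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```
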