Hotels_Server
Hotel booking system back-end management system
How can I translate to English
GET parameter 'password' appears to be 'MySQL
PoC: http://114.116.xxx.xxx/Hotels_Server/controller/api/login.php?telephone=%3Cscript%3Ealert(/xss/)%3C/script%3E
In /view/hotelList.php [image] As you see, there is no filtering in any of the 'echo's. Also, in /controller/publishHotel.php, these are inserted into the database without filtering [image] After all, we can...
The application uses B64 encoding for storage of the password. Obscuring a password with a trivial encoding does not protect the password. [image] https://cwe.mitre.org/data/definitions/261.html https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded
In controller/fetchpwd.php [image] the parameter was added with a string "username=", passed to function find. In the definition of function find, we can notice that though the author uses PDO, he...