EIP-2026-107653

This exploit demonstrates an unauthenticated SQL injection vulnerability in Hotel Reservation System 1.0 via the 'username' parameter in the login form. The payload uses time-based blind SQLi (SLEEP) and a simple authentication bypass technique.