I write about this shit on my twitter, bu rewrite also here.
Some scammerz sell this shit on some IT Sec/Hacking Resource.
Proof ::





How 2 hack ::
Code:
http://myavscan.net/dbc.php?user_id=[SQLi]
Vuln in dbc.php here :
Code:
if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) {
mysql_query("update `users` 
   set `ckey`= '', `ctime`= '' 
   where `id`='$_SESSION[user_id]' OR  `id` = '$_COOKIE[user_id]'") or die(mysql_error());
}
logout.php file content:
Code:
<?php
include 'dbc.php';
logout();
?>
need set cookie here : dbc.php?user_id='[SQL] and go http://myavscan.net/logout.php....

if u have PHP Login Script v 2.3 on u'r CMS, u must patch file dbc.php with next code :
Code:
$cookieUserID = mysql_escape_string($_COOKIE['user_id']);

if(isset($_SESSION['user_id']) || isset($cookieUserID)) {
mysql_query("update `users`
set `ckey`= '', `ctime`= ''
where `id`='$_SESSION[user_id]' OR `id` = '$cookieUserID'") or die(mysql_error());
}
// google_dork: intext:"Powered by PHP Login Script"