PHP Quick Arcade 3.0.21 Multiple Vulnerabilites

2010-04-27T00:00:00
ID 1337DAY-ID-12016
Type zdt
Reporter Itsecteam
Modified 2010-04-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===============================================
PHP Quick Arcade 3.0.21 Multiple Vulnerabilites
===============================================

PHP Quick Arcade 3.0.21 Multiple Vulnerabilites
-----------------------------------------------------------
#Title: PHP-Quick-Arcade 3.0.21 Multiple Vulnerabilites
#Vendor: http://quickarcade.jcink.com/
-----------------------------------------------------------
#AUTHOR: ITSecTeam
#Email: [email protected]
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability47.htm
#Thanks: Pejvak,[email protected],r3dm0v3,[email protected]
-----------------------------------------------------------
# POC 1
-----------------------------------------------------------
www.Site.com/Arcade.php
Send Your Query With Cookie => phpqa_user_c
phpqa_user_c= Sql Injection
Can Use tamper data in mozila
-----------------------------------------------------------
# POC 2
-----------------------------------------------------------
This Bug Worked With Register_Global = On
www.Site.com/acpmoderate.php?id=Sql Injection
-----------------------------------------------------------
# POC 3
-----------------------------------------------------------
Cross Site Scripting (XSS)
www.Site.com/acpmoderate.php?serv=Xss Code



#  0day.today [2018-03-19]  #