AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection

EDB-ID: 21007
CVE:
Author: DaOne
Type: webapps
Platform: PHP
Date: 2012-09-02

##########################################
[~] Exploit Title: AV Arcade Free Edition Blind SQL Injection
[~] Date: 31/08/2012
[~] Author: DaOne (@LibyanCA)
[~] Software Link: http://www.avscripts.net/avarcade/freearcadescript/
[~] Google Dork: intext:Powered by AV Arcade Free Edition"
##########################################

# Exploit-DB Note: Must be logged in.

[#] [ Exploit ]

http://localhost/content/add_rating.php?id=[Blind SQL Injection]


##########################################
[*] thanks to : All LibyanCA Members (^_^)
##########################################
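
A defender-side check for the request shown above, added here as an example; it is not part of the original advisory or of the AV Arcade code. It scans web server access logs for requests to add_rating.php whose id parameter is not a plain integer. Assumptions: logs are in Combined Log Format, legitimate id values are integers, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Client address and request target from a Combined Log Format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
TARGET_PATH = "/content/add_rating.php"  # path given in the advisory
PLAIN_INT = re.compile(r"\d{1,10}")      # assumption: legitimate ids are integers


def suspicious_rating_requests(lines):
    """Return (client_ip, decoded_id) for add_rating.php hits with a non-integer id."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # endswith() also covers installs below a subdirectory.
        if not unquote(url.path).endswith(TARGET_PATH):
            continue
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            # PHP also accepts id[]=... and uses the last of repeated ids,
            # so every supplied value is checked.
            if key == "id" or key.startswith("id["):
                hits += [(m.group("ip"), v) for v in values
                         if not PLAIN_INT.fullmatch(v)]
    return hits


# Constructed sample lines (documentation addresses, made-up users).
SAMPLE_LOG = [
    '192.0.2.10 - alice [02/Sep/2012:10:00:01 +0000] '
    '"GET /content/add_rating.php?id=42 HTTP/1.1" 200 12',
    '198.51.100.7 - bob [02/Sep/2012:10:00:05 +0000] '
    '"GET /content/add_rating.php?id=42%27 HTTP/1.1" 200 0',
    '198.51.100.7 - bob [02/Sep/2012:10:00:06 +0000] '
    '"GET /content/add_rating.php?id=42%20AND%201%3D1 HTTP/1.1" 200 12',
    '192.0.2.10 - alice [02/Sep/2012:10:00:09 +0000] '
    '"GET /index.php?id=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in suspicious_rating_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer id: {value!r}")
```

Because the Exploit-DB note says the request requires a logged-in session, hits can be correlated with the application's login records for the same client address.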