AV Arcade Free Edition (add_rating.php, id parameter) Blind SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : AV Arcade Free Edition (add_rating.php, id parameter) Blind SQL Injection
# Published : 2012-09-02
# Author :
# Previous Title : Hivemail Webmail Multiple Stored XSS Vulnerabilities
# Next Title : CommPort 1.01 <= Multiple Vulnerabilities

##########################################
[~] Exploit Title: AV Arcade Free Edition Blind SQL Injection
[~] Date: 31/08/2012
[~] Author: DaOne (@LibyanCA)
[~] Software Link: http://www.avscripts.net/avarcade/freearcadescript/
[~] Google Dork: intext:Powered by AV Arcade Free Edition"
##########################################

# Exploit-DB Note: Must be logged in.

[#] [ Exploit ]

http://localhost/content/add_rating.php?id=[Blind SQL Injection]


##########################################
[*] thanks to : All LibyanCA Members (^_^)
##########################################