BlackNova Traders SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1045598 漏洞类型
发布时间 2013-02-13 更新时间 2013-02-13
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013020089
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
BlackNova Traders (SQL Injection) Vulnerability
 
       Software : BlackNova                                                             
       Date     : 2/12/2013                                            
       Vendor   : http://blacknova.net/
	   Download : http://sourceforge.net/projects/blacknova/            
       Language : PHP
	   Tested on: Windows OS + Apache Server
       Author   : ITTIHACK  
       Home     : http://ittihack.com                                                           
                                                                                                                        

Description

      BlackNova Traders is a web-based, multi-player space exploration game inspired by the
      popular BBS game of TradeWars. It is coded using PHP, SQL, and Javascript.     
       
	      
	   
	   Vulnerable File:  news.php 
	   Line# 43       : if (array_key_exists('startdate', $_GET) && ($_GET['startdate'] != ''))

            
       Exploit:
       http://localhost/bnt/news.php?startdate=2013/02/11[SQLi]
           
		   
 Free Syria