Jump to content
Praetorian503

BlackNova Traders SQL Injection

By Praetorian503, in Exploituri

Recommended Posts

Praetorian503 Newbie

Praetorian503

Posted
Posted

BlackNova Traders, a web-based game similar to the BBS game TradeWars, suffers from a remote SQL injection vulnerability.

BlackNova Traders (SQL Injection) Vulnerability

       Software : BlackNova                                                             
       Date     : 2/12/2013                                            
       Vendor   : http://blacknova.net/
     Download : http://sourceforge.net/projects/blacknova/            
       Language : PHP
     Tested on: Windows OS + Apache Server
       Author   : ITTIHACK  
       Home     : http://ittihack.com                                                           


Description

      BlackNova Traders is a web-based, multi-player space exploration game inspired by the
      popular BBS game of TradeWars. It is coded using PHP, SQL, and Javascript.     



     Vulnerable File:  news.php 
     Line# 43       : if (array_key_exists('startdate', $_GET) && ($_GET['startdate'] != ''))


       Exploit:
       http://localhost/bnt/news.php?startdate=2013/02/11[SQLi]


 Free Syria

Source: PacketStorm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...