id: arcade-php-sqli info: name: Arcade.php - SQL Injection author: MaStErChO severity: high description: | The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database. reference: - https://www.exploit-db.com/exploits/29604 - https://github.com/OWASP/vbscan/ metadata: verified: true max-request: 1 tags: arcade,php,vbulletin,sqli http: - method: GET path: - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'" host-redirects: true max-redirects: 3 matchers-condition: and matchers: - type: word part: body words: - "mySQL query error" - type: status status: - 200 # digest: 4a0a00473045022100d921ed65aad7228dd34b61a61b1e26457c3174f80ff57bf5657b31b756ad0e0f02206aa79bc110845dd8b682005cfbd94ddc22e705505ea016f0f67e9700bda21330:922c64590222798bb761d5b6d8e72950