Elite Gaming Ladders 3.6 – SQL Injection - 体验盒子

作者： J.O

日期： 2011-09-05

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/17782/

# Exploit Title: Elite Gaming Laddersv3.6 SQL Injection Vulnerability
# Date: 05/09/2011
# Author: J.O
# Contact: exploit@m-h-a.org
# Website: http://www.m-h-a.org
# From : Morocco 
----------------------------------------
> Elite Gaming Ladders v3.6 SQL Injection Exploit
> Vendor: http://eliteladders.com/
> Download : ------------------
> Price : $174.95 
> Language : PHP
> Version: 3.6
> Category: webapps 
> Google Dork: " Don't Be Devil :( !!! "
----------------------------------------
# Vulnerability Description:

Elite Gaming Ladders v3.6 suffers a remote SQL injection exploit 
 
# Solution:

Sanitize the database inputs or block the bad words (UNION SELECT, UNION SELECT ALL, /*, --)
 
# Proof of Concept:

http://site.com/ladders.php?platform=( Injection )

----------------------------------------

Greetz To : Icedhell , Hakykaz .... & All Maghreb.Hacking.Association Members ( white Hats )
We Just L0v3 Security .