UTStats – Cross-Site Scripting / SQL Injection / Full Path Disclosure

Exploit Database
14 阅读

作者： LuM Member

日期： 2010-06-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/13854/

# Exploit Title: UTStats XSS, SQL Injection & Full path disclosure
# Date: 13-06-2010
# Author: LuM Member
# Software Link: http://www.unrealadmin.org/forums/showthread.php?t=29786
# Version: All recent versions.
# Tested on: Windows 7 x64
# CVE : none
# Code :
There are most likely some more bugs in it. I didn't check the code in
detail.
If you check google, you see there are quite some installs.

XSS:
pages/match_report.php?mid=

Sql Injection:
index.php?p=matchp&pid='

Full Path Disclosure:
pages/servers_info.php


Greetings to LuM.

last Exploits
UTStats – Cross-Site Scripting / SQL Injection / Full Path Disclosure的更多信息

Joomla! Component Odudeprofile 2.8 – ‘profession’ SQL Injection：
Photos in Wifi 1.0.1 iOS – Arbitrary File Upload：
Smart School 6.4.1 – SQL Injection：
Nooms CMS 1.1.1 – Cross-Site Request Forgery：
Sethi Family Guestbook 3.1.8 – Cross-Site Scripting：
Blood Bank System 1.0 – Authentication Bypass：
WordPress Theme Archin 3.2 – Configuration Access：
Viscacha Forum CMS 0.8.1.1 – Multiple Vulnerabilities：