Ulisse’s Scripts 2.6.1 – ‘ladder.php’ SQL Injection

Exploit Database
89 阅读

作者： Sora

日期： 2010-01-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11048/

# Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3)
------------------------------
> Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."

# VULNERABILITY DESCRIPTION:
Type: SQL Injection
Level: 4/5 (CRITICAL)

Sora has advised that Ulisse's ladder.php file from Ulisse's Scripts 2.6.1
suffers a remote SQL injection vulnerability in the parameter 'gid'. The database inputs
are not properly sanitized.

# VULNERABILITY SOLUTION:
Sanitize the unsanitized database inputs in the file ladder.php.

# Proof of Concept: http://server/ulisse/ladder.php?gid=1'

last Exploits
Ulisse’s Scripts 2.6.1 – ‘ladder.php’ SQL Injection的更多信息

Dream Gallery 1.0 – Cross-Site Request Forgery (Add Admin)：
Joomla! Component com_solution – SQL Injection：
WordPress Plugin Audio Gallery Playlist 0.12 – SQL Injection：
Huawei HG630 2 Router – Authentication Bypass：
Seagate BlackArmor NAS sg2000-2000.1331 – Remote Command Execution：
WordPress Plugin FooGallery 1.8.12 – Persistent Cross-Site Scripting：
Docmint 1.0/2.1 – ‘id’ Cross-Site Scripting：
Webspell wCMS-Clanscript4.01.02net – static Blind SQL Injection：