Left 4 Dead Stats 1.1 – SQL Injection

Exploit Database
114 阅读

作者： Sora

日期： 2010-01-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/10930/

----------------------------------
> Left 4 Dead Stats SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."

# VULNERABILITY DESCRIPTION:
Left 4 Dead Stats suffers from a remote SQL injection vulnerability in player.php.

# VULNERABILITY SOLUTION:
The owner of the website can sanitize the database inputs.

# Proof of Concept: http://www.site.com/l4dstats/player.php?steamid='
# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu.

last Exploits
Left 4 Dead Stats 1.1 – SQL Injection的更多信息

WordPress Plugin Menu Creator 1.1.7 – SQL Injection：
IPCop 2.1.9 – Remote Code Execution (RCE) (Authenticated)：
Traq 2.3 – Authentication Bypass / Remote Code Execution (Metasploit)：
Shop Creator 4.0 – SQL Injection：
jevoncms – Local/Remote File Inclusion：
FreePBX 13.0.35 – Remote Command Execution：
WSTMart 2.0.8 – Cross-Site Scripting：
phpBB 3.2.3 – Remote Code Execution：