Left 4 Dead Stats 1.1 – SQL Injection

Exploit Database
10 阅读

作者： Sora

日期： 2010-01-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/10930/

----------------------------------
> Left 4 Dead Stats SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."

# VULNERABILITY DESCRIPTION:
Left 4 Dead Stats suffers from a remote SQL injection vulnerability in player.php.

# VULNERABILITY SOLUTION:
The owner of the website can sanitize the database inputs.

# Proof of Concept: http://www.site.com/l4dstats/player.php?steamid='
# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu.

last Exploits
Left 4 Dead Stats 1.1 – SQL Injection的更多信息

ASPSiteWare JobPost 1.0 – SQL Injection：
Tele Data’s Contact Management Server 0.9 – ‘Username’ SQL Injection：
Rivettracker 1.03 – Multiple SQL Injections：
XiongMai uc-httpd 1.0.0 – Buffer Overflow：
My Link Trader 1.1 – Authentication Bypass：
Event Calendar PHP – ‘cal_year’ Cross-Site Scripting：
webpa 1.1.0.1 – Multiple Vulnerabilities：
Alibaba Clone Platinum – ‘/buyer/index.php’ SQL Injection：