vendor:
My Gaming Ladder Combo System
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: My Gaming Ladder Combo System
Affected Version From: 7.5
Affected Version To: 7.5
Patch Exists: NO
Related CWE: N/A
CPE: a:mygamingladder:my_gaming_ladder_combo_system:7.5
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
My Gaming Ladder Combo System 7.5 – SQL Injection
My Gaming Ladder Combo System 7.5 is vulnerable to SQL Injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. This can be done by appending malicious SQL queries to the vulnerable parameters in the URL. For example, http://localhost/[PATH]/game.php?gameid=[SQL], http://localhost/[PATH]/news.php?newsid=[SQL], http://localhost/[PATH]/teams.php?teamid=[SQL], http://localhost/[PATH]/match.php?matchid=[SQL], staff, staffaccess, staffcomments, teammembers, teammembersinv, teams.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
