header-logo
Suggest Exploit
vendor:
Elite Gaming Ladders
by:
Sora
9,3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Elite Gaming Ladders
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: Yes
Related CWE: CVE-2010-0123
CPE: a:elite_gaming_ladders:elite_gaming_ladders:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2010

Elite Gaming Ladders v3.0 SQL Injection Exploit

Elite Gaming Ladders v3.0 suffers a remote SQL injection exploit (stats.php) in the 'account' parameter.

Mitigation:

Sanitize the database inputs or block the bad words. (UNION SELECT, UNION SELECT ALL, /*, --) Upgrade to the latest version of Elite Gaming Ladders v3.0.
Source

Exploit-DB raw data:

# Exploit Title: Elite Gaming Ladders v3.0 SQL Injection Exploit
# Date: January 3rd, 2010
# Author: Sora
# Version: 3.0
# Tested on: Windows and Linux

----------------------------------------
> Elite Gaming Ladders v3.0 SQL Injection Exploit
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "Fuck all script kiddies."

# Vulnerability Description:
Elite Gaming Ladders v3.0 suffers a remote SQL injection exploit (stats.php) in the "account" parameter.

# Solution:
Sanitize the database inputs or block the bad words. (UNION SELECT, UNION SELECT ALL, /*, --)

# Proof of Concept:
http://www.site.com/stats.php?account=627'

Navigation

Suggest Exploit

Services By CQR