Elite Gaming Ladders v3.6 SQL Injection Vulnerability

vendor:

Elite Gaming Ladders

by:

J.O

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Elite Gaming Ladders

Affected Version From: 3.6

Affected Version To: 3.6

Patch Exists: NO

Related CWE: N/A

CPE: eliteladders.com/ladders.php

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Elite Gaming Ladders v3.6 SQL Injection Vulnerability

Elite Gaming Ladders v3.6 suffers a remote SQL injection exploit

Mitigation:

Sanitize the database inputs or block the bad words (UNION SELECT, UNION SELECT ALL, /*, --)

Source

Exploit-DB raw data:

# Exploit Title: Elite Gaming Ladders  v3.6 SQL Injection Vulnerability
# Date: 05/09/2011
# Author: J.O
# Contact: exploit@m-h-a.org
# Website: http://www.m-h-a.org
# From : Morocco   
----------------------------------------
> Elite Gaming Ladders v3.6 SQL Injection Exploit
> Vendor: http://eliteladders.com/
> Download : ------------------
> Price : $174.95 
> Language : PHP
> Version: 3.6
> Category: webapps 
> Google Dork: " Don't Be Devil :( !!! "
----------------------------------------
# Vulnerability Description:

Elite Gaming Ladders v3.6 suffers a remote SQL injection exploit 
 
# Solution:

Sanitize the database inputs or block the bad words (UNION SELECT, UNION SELECT ALL, /*, --)
 
# Proof of Concept:

http://site.com/ladders.php?platform=( Injection )

----------------------------------------

Greetz To : Icedhell , Hakykaz .... & All Maghreb.Hacking.Association Members ( white Hats )
We Just L0v3 Security .