Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability

07 Jan 2010 00:00:00 | Reported by: Sora | Type: zdt | Source: 0day.today

Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability, Level 4/5, critical, Windows Vista & Linux 2.6.28.

Code
=============================================================
Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability
=============================================================


# Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3)
------------------------------
> Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability
> Author: Sora
> Google Dork: "In your dreams, script kiddies."
 
# VULNERABILITY DESCRIPTION:
Type: SQL Injection
Level: 4/5 (CRITICAL)
 
Sora has advised that the ladder.php file from Ulisse's Scripts 2.6.1
suffers from a remote SQL injection vulnerability in the 'gid' parameter. The database
inputs are not properly sanitized.
 
# VULNERABILITY SOLUTION:
Sanitize the database inputs in ladder.php, in particular the 'gid' parameter.
 
# Proof of Concept: http://server/ulisse/ladder.php?gid=1'



#  0day.today [2018-03-13]  #
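
One way to apply the fix described under VULNERABILITY SOLUTION, as an added example that is not code from Ulisse's Scripts or from the advisory's author. The advisory does not show the query in ladder.php, so the `ladder` table, its columns and the `fetch_ladder()` function are hypothetical; only the `gid` parameter name and the `1'` test value come from the advisory.

```php
<?php
// Added example: hypothetical schema and function name, not taken from Ulisse's Scripts.
declare(strict_types=1);

/**
 * Return the ladder rows for one gid, or null when gid is not a positive integer.
 */
function fetch_ladder(PDO $db, $rawGid): ?array
{
    // Allow-list validation: accept a positive integer and nothing else.
    $gid = filter_var($rawGid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($gid === false) {
        return null; // caller should answer HTTP 400 instead of echoing a database error
    }

    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT player, score FROM ladder WHERE gid = :gid ORDER BY score DESC'
    );
    $stmt->bindValue(':gid', $gid, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ladder (gid INTEGER, player TEXT, score INTEGER)');
$db->exec("INSERT INTO ladder VALUES (1, 'alice', 30), (1, 'bob', 20), (2, 'carol', 50)");

// Constructed inputs: valid ids, the quote-terminated value from the advisory,
// and a few other malformed values that must be rejected before any query runs.
foreach (['1', "1'", '', 'abc', '-5', '2'] as $input) {
    $rows = fetch_ladder($db, $input);
    printf(
        "%-8s => %s\n",
        var_export($input, true),
        $rows === null ? 'rejected' : count($rows) . ' row(s)'
    );
}
```

In a real page handler the first argument would be the application's existing database connection and the second would be `$_GET['gid'] ?? ''`.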
