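Elite Gaming Ladders v3.6 Remote SQL Injection Vulnerability
Release date: 2011-09-05
Updated: 2011-09-05
Affected systems: Elite Gaming Ladders Elite Gaming Ladders 3.6
Description:
Elite Gaming Ladders is a vendor of scripts for online war games and leagues.
Elite Gaming Ladders contains a SQL injection vulnerability in its implementation. A remote attacker can exploit it to perform unauthorized operations on the database.
<*Source: J.O
Link: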
http://www.exploit-db.com/exploits/17782/
*>
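Test method:
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!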
# Exploit Title: Elite Gaming Ladders v3.6 SQL Injection Vulnerability
# Date: 05/09/2011
# Author: J.O
# Contact: exploit@m-h-a.org
# Website: http://www.m-h-a.org
# From : Morocco
----------------------------------------
> Elite Gaming Ladders v3.6 SQL Injection Exploit
> Vendor: http://eliteladders.com/
> Download : ------------------
> Price : $174.95
> Language : PHP
> Version: 3.6
> Category: webapps
> Google Dork: " Don't Be Devil :( !!! "
----------------------------------------
# Vulnerability Description:
Elite Gaming Ladders v3.6 suffers a remote SQL injection exploit
# Solution:
Sanitize the database inputs or block the bad words (UNION SELECT, UNION SELECT ALL, /*, --)
# Proof of Concept:
http://site.com/ladders.php?platform=( Injection )
----------------------------------------
Greetz To : Icedhell , Hakykaz .... & All Maghreb.Hacking.Association Members ( white Hats )
We Just L0v3 Security .
Recommendation:
Vendor patch:
Elite Gaming Ladders
--------------------
The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's homepage for the latest version:
http://eliteladders.com/
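
A defensive sketch for the `platform` parameter of `ladders.php` named in the proof of concept, added here as an example and not taken from Elite Gaming Ladders or the original advisory: strict validation followed by a bound parameter in a prepared statement. The numeric `platform` id, the `ladders` table, its columns and all function names are assumptions, since the real schema is not shown on the page.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the lookup behind ladders.php?platform=...
// Table, columns and function names are assumptions; requires PHP 8 with pdo_sqlite.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ladders (id INTEGER PRIMARY KEY, platform_id INTEGER, name TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO ladders (platform_id, name)
               VALUES (1, 'PC 1v1'), (1, 'PC 2v2'), (2, 'Console 1v1')");
    return $db;
}

// Accept only a plain positive integer id; anything else is rejected before SQL runs.
function parse_platform(mixed $raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function ladders_for_platform(PDO $db, mixed $raw): array
{
    $platform = parse_platform($raw);
    if ($platform === null) {
        return []; // a real handler would answer HTTP 400 here
    }
    // The value is bound as an integer, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT name FROM ladders WHERE platform_id = :p ORDER BY id');
    $stmt->bindValue(':p', $platform, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = open_demo_db();
// Constructed inputs standing in for $_GET['platform'], including malformed ones.
foreach (['1', '2', '1 OR 1=1', "1'", ['1']] as $input) {
    printf("%-12s => %s\n", json_encode($input), json_encode(ladders_for_platform($db, $input)));
}
```

Only the two well-formed ids return rows; the malformed strings and the array-valued parameter are rejected by `parse_platform()` and never reach the query.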