trxtxx Posted January 7, 2010 Report Posted January 7, 2010 # Exploit Title: Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability# Date: January 6th, 2010# Author: Sora# Version: 2.6.1# Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3)——————————> Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability> Author: Sora> Contact: vhr95zw [at] hotmail [dot] com> Website: Grey Hat Hackers> Google Dork: “In your dreams, script kiddies.”# VULNERABILITY DESCRIPTION:Type: SQL InjectionLevel: 4/5 (CRITICAL)Sora has advised that Ulisse’s ladder.php file from Ulisse’s Scripts 2.6.1suffers a remote SQL injection vulnerability in the parameter ‘gid’. The database inputsare not properly sanitized.# VULNERABILITY SOLUTION:Sanitize the unsanitized database inputs in the file ladder.php.# Proof of Concept: http://www.site.com/ulisse/ladder.php?gid=1?Exemple by me + dork:"Powered by Ulisse's Scripts"Sauinurl:ladder.php?gid=RacingClan Networks - Ladder Quote
