Left 4 Dead Stats 1.1 SQL Injection Vulnerability

# Exploit Title: Left 4 Dead Stats 1.1 SQL Injection Vulnerability
# Date: January 2nd, 2010
# Author: Sora
# Software Link: http://forums.alliedmods.net/attachment.php?attachmentid=36373&d=1233115693
# Version: 1.1
# Tested on: Windows

———————————-
> Left 4 Dead Stats SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: “In your dreams, script kiddies.”

# VULNERABILITY DESCRIPTION:
Left 4 Dead Stats suffers from a remote SQL injection vulnerability in player.php.

# VULNERABILITY SOLUTION:
The owner of the website can sanitize the database inputs.

# Proof of Concept: http://www.site.com/l4dstats/player.php?steamid=’
# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu.

About these ads

One Response to “Left 4 Dead Stats 1.1 SQL Injection Vulnerability”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: