My Gaming Ladder v1.0 SQL Injection Vulnerability

# Exploit Title: My Gaming Ladder SQL Injection Vulnerability
# Date: January 4th, 2009
# Author: Sora
# Software Link: http://www.mygamingladder.com/
# Version: 1.0
# Tested on: Windows and Linux
———————————–
> MyGamingLadder SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/
> Google Dork: “In your dreams, script kiddies.”
> Cost of the program: $190.00 (wow!)

# Vulnerability Description:
My Gaming Ladder v1.0 suffers from a remote SQL injection vulnerability in
the parameter "ladderid=" of ladder.php. The attacker can gain user credentials and deface
the vulnerable website. They will either infect the website, or they will deface it.

# Proof of Concept:
http://www.test.info/mgl/ladder.php?ladderid=3'
