Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability

# Exploit Title: Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability
# Date: January 6th, 2010
# Author: Sora
# Version: 2.6.1
# Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3)
——————————
> Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/
> Google Dork: “In your dreams, script kiddies.”

# VULNERABILITY DESCRIPTION:
Type: SQL Injection
Level: 4/5 (CRITICAL)

Sora has advised that Ulisse’s ladder.php file from Ulisse’s Scripts 2.6.1
suffers a remote SQL injection vulnerability in the parameter ‘gid’. The database inputs
are not properly sanitized.

# VULNERABILITY SOLUTION:
Sanitize the unsanitized database inputs in the file ladder.php.

# Proof of Concept: http://www.site.com/ulisse/ladder.php?gid=1′

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: