15 lines
No EOL
617 B
Text
15 lines
No EOL
617 B
Text
----------------------------------
|
|
> Left 4 Dead Stats SQL Injection Vulnerability
|
|
> Author: Sora
|
|
> Contact: vhr95zw [at] hotmail [dot] com
|
|
> Website: http://greyhathackers.wordpress.com/
|
|
> Google Dork: "In your dreams, script kiddies."
|
|
|
|
# VULNERABILITY DESCRIPTION:
|
|
Left 4 Dead Stats suffers from a remote SQL injection vulnerability in player.php.
|
|
|
|
# VULNERABILITY SOLUTION:
|
|
The owner of the website can sanitize the database inputs.
|
|
|
|
# Proof of Concept: http://www.site.com/l4dstats/player.php?steamid='
|
|
# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu. |