bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/11048.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

20 lines
No EOL
738 B
Text
Raw Blame History

# Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3)
------------------------------
> Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."
# VULNERABILITY DESCRIPTION:
Type: SQL Injection
Level: 4/5 (CRITICAL)
Sora has advised that Ulisse's ladder.php file from Ulisse's Scripts 2.6.1
suffers a remote SQL injection vulnerability in the parameter 'gid'. The database inputs
are not properly sanitized.
# VULNERABILITY SOLUTION:
Sanitize the unsanitized database inputs in the file ladder.php.
# Proof of Concept: http://server/ulisse/ladder.php?gid=1'
Reference in a new issue View git blame Copy permalink