23 lines
No EOL
563 B
Text
23 lines
No EOL
563 B
Text
# Exploit Title: UTStats XSS, SQL Injection & Full path disclosure
|
|
# Date: 13-06-2010
|
|
# Author: LuM Member
|
|
# Software Link: http://www.unrealadmin.org/forums/showthread.php?t=29786
|
|
# Version: All recent versions.
|
|
# Tested on: Windows 7 x64
|
|
# CVE : none
|
|
# Code :
|
|
There are most likely some more bugs in it. I didn't check the code in
|
|
detail.
|
|
If you check google, you see there are quite some installs.
|
|
|
|
XSS:
|
|
pages/match_report.php?mid=
|
|
|
|
Sql Injection:
|
|
index.php?p=matchp&pid='
|
|
|
|
Full Path Disclosure:
|
|
pages/servers_info.php
|
|
|
|
|
|
Greetings to LuM. |