Left 4 Dead Stats 1.1 SQL Injection Vulnerability

2010-03-21
ID: 11383
CVE: None
Download vulnerable application: None
> Left 4 Dead Stats SQL Injection Vulnerability
> Author: Sora
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."
 # VULNERABILITY DESCRIPTION:
Left 4 Dead Stats suffers from a remote SQL injection vulnerability in
player.php.
 # VULNERABILITY SOLUTION:
The owner of the website can sanitize the database inputs.
 # Proof of Concept: http://www.site.com/l4dstats/player.php?steamid='
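
The fix named under VULNERABILITY SOLUTION, as an added example that is not the application's own code or the advisory author's: the steamid value is checked against an allow-list pattern and then bound in a prepared statement. The players table, its columns, the function names and the STEAM_X:Y:Z id format are assumptions; the sample row is constructed and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the stats database, holding one constructed row.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE players (steamid TEXT PRIMARY KEY, name TEXT, points INTEGER)');
    $pdo->exec("INSERT INTO players VALUES ('STEAM_1:0:12345', 'constructed-player', 4200)");
    return $pdo;
}

// Look up one player. Returns the row, or null when the id is malformed or unknown.
function find_player(PDO $pdo, string $steamId): ?array
{
    // 1. Allow-list validation: only the assumed textual form STEAM_X:Y:Z passes.
    //    \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (preg_match('/\ASTEAM_[0-5]:[01]:\d{1,10}\z/', $steamId) !== 1) {
        return null;
    }

    // 2. Parameterized query: the value is bound as data and never
    //    concatenated into the SQL text, so quotes cannot change the statement.
    $stmt = $pdo->prepare(
        'SELECT steamid, name, points FROM players WHERE steamid = :steamid'
    );
    $stmt->execute([':steamid' => $steamId]);

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();

// In player.php the value would come from $_GET['steamid']; confirm it is a
// string with is_string() before passing it on, since PHP also accepts arrays.
$inputs = ['STEAM_1:0:12345', "'", 'STEAM_1:0:99999'];

foreach ($inputs as $input) {
    $row = find_player($pdo, $input);
    printf("%-20s => %s\n", var_export($input, true), $row ? $row['name'] : 'no result');
}
```

Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared by the server rather than assembled client-side.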