Left 4 Dead Stats 1.1 - SQL Injection Vulnerability

EDB-ID: 10930 CVE: 2010-0980 OSVDB-ID: 61472
Verified: Author: Sora Published: 2010-01-02
Download Exploit: Source Raw Download Vulnerable App:
> Left 4 Dead Stats SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."

Left 4 Dead Stats suffers from a remote SQL injection vulnerability in player.php.

The owner of the website can sanitize the database inputs.

# Proof of Concept: http://www.site.com/l4dstats/player.php?steamid='
# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu.