# Exploit Title: Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability # Date: January 6th, 2010 # Author: Sora # Version: 2.6.1 # Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3) —————————— > Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability > Author: Sora > Contact: vhr95zw [at] hotmail [dot] com > Website: http://greyhathackers.wordpress.com/ > Google Dork: “In your dreams, script kiddies.” # VULNERABILITY DESCRIPTION: Type: SQL Injection Level: 4/5 (CRITICAL) Sora has advised that Ulisse’s ladder.php file from Ulisse’s Scripts 2.6.1 suffers a remote SQL injection vulnerability in the parameter ‘gid’. The database inputs are not properly sanitized. # VULNERABILITY SOLUTION: Sanitize the unsanitized database inputs in the file ladder.php. # Proof of Concept: http://www.site.com/ulisse/ladder.php?gid=1′