HLstatsX Community Edition "award" SQL Injection Vulnerability

[Yesterday]

   

   August 26, 2010, 07:14:09 AM
 AC: I had faith in me too just was so damn fustrated when your trying to work on something and have one to  man distractions.

   August 26, 2010, 08:49:21 PM
 KT KaBo0M[SA]: http://server-admins.com/portal/index.php?topic=1715.msg28982#msg28982

   August 26, 2010, 09:06:23 PM
 Sandman[SA]: Go to bed KT

   August 27, 2010, 06:23:04 PM
 Kodiac[SA]: *yawn*

   August 27, 2010, 06:53:24 PM
  * Kodiac[SA] walks out of the woods

   August 29, 2010, 02:41:51 AM
 Kodiac[SA]: btw guys seems i press my caps lock too often with my new kb.. so maybe im not screaming if i type symthing

   August 29, 2010, 03:06:26 AM
 Kodiac[SA]:

   August 29, 2010, 03:06:29 AM
 Kodiac[SA]: wow

   August 29, 2010, 10:51:38 AM
 Rabid_Zucchini: Just why did you put that in the shoutbox?

   August 29, 2010, 12:28:49 PM
 hookeyed: hi everybody

   August 29, 2010, 04:14:36 PM
 Kodiac[SA]: Iunno rabid Hi hook

   August 29, 2010, 05:16:23 PM
 Sandman[SA]: hey hook, long time....

   August 30, 2010, 11:26:34 AM
 KT KaBo0M[SA]: hey hook!!

   September 03, 2010, 06:14:37 PM
 KT KaBo0M[SA]: If anyone gets any email from GrindeR do NOT click on any links! His email account has gotten hijacked and sent out spam to all his contacts today and so I let him know how to rectify this. 

   September 05, 2010, 12:57:40 AM
 Kodiac[SA]: GRINDER MY DICK IS BIG ENBOUGH' STOP SENDING ME EMAIL!

   September 05, 2010, 12:58:29 AM
 KT KaBo0M[SA]: well I guess you got spam from him as well eh Sacha  

   September 05, 2010, 08:54:41 PM
 Sandman[SA]: yeah, I did too.  I just deleted it.

   September 06, 2010, 06:25:37 PM
 lazy: boo

   September 06, 2010, 11:17:59 PM
 Rabid_Zucchini: boo who?

   September 06, 2010, 11:35:43 PM
 Sandman[SA]: Don't cry little man.  This will only take a minute. 

   September 07, 2010, 12:02:23 AM
 Kodiac[SA]: LITTLE MAN WANTS A COOKIE? OH YES HE DOOOOESSS!! YES HE DOEEEESSSSS!

   September 07, 2010, 03:35:24 PM
 KT KaBo0M[SA]: Speaking of cookie .. where is GMC?

   September 07, 2010, 03:35:55 PM
 KT KaBo0M[SA]: Ah he was here less than an hour ago

   Yesterday at 12:24:12 PM
 GMC[UK]: I was also playing on the server last night with AC

   Yesterday at 08:37:27 PM
 Sandman[SA]: I must have just missed you

[KT KaBo0M[SA]]

HLstatsX Community Edition "award" SQL Injection Vulnerability

Secunia Advisory:    SA38079    
Release Date:    2010-01-04

Critical:    Moderately critical
Impact:    Manipulation of data
Where:    From remote
Solution Status:    Unpatched

Software:   HLstatsX Community Edition 1.x.

Description:
A vulnerability has been discovered in HLstatsX Community Edition, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "award" parameter in hlstats.php (if "mode" is set to "dailyawardinfo" and "game" is set to e.g. "tf" or "l4d") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.6.5. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
bnc

Original Advisory:
http://www.exploit-db.com/exploits/10850

http://secunia.com/advisories/38079/

[Kodiac[SA]]

Gg secunia

[lazy]

lol@exploits
In an old version of NeoTF you could put printf format specifiers in your chat messages, pretty easy to crash a server that way.
It was also possible using amxx but they fixed that as well.

[Sandman[SA]]

I guess it's a good thing that we don't use hlstats.   By the way lazy, neotf still has a bug that can crash a server with a spacific messagemode message.