View Full Version : [Release] gllcTS2 Webpost for TeamSpeak 2
Tristan1990
07-06-2008, 23:34
Is there any possibility, to use the Viewer of this Script, to bind in a website like the viewer of tswebtec.com?
sorry for my bad english :P
Zup Arkhen
27-06-2008, 00:29
There is a vulnerability with GLLCTS2.
It's possible to preform a sql injection with login.php
Fox fix this open login.php and in line 20:
$r = query("SELECT * FROM $dbtable1 WHERE server_id='$_GET[detail]'");
And replace:
$id_serveur = mysql_real_escape_string($_GET[detail]);
$r = query("SELECT * FROM $dbtable1 WHERE server_id='$id_serveur'");
You can replace $id_serveur by $server_id ! :p
!UPDATE!
There is a second vulnerability.
In listing.php you can perform a SQL injection with $sort.
Fox fix this open listing.php in line 30 search:
$sort = $_GET["sort"];
Replace With:
//Fix $sort (SQL Injection) by Zup Arkhen (http://www.mondesvirtuels.info)
switch ($_GET['sort'])
{
case "server_password":
$sort = "server_password";
break;
case "server_name":
$sort = "server_name";
break;
case "server_ip":
$sort = "server_ip";
break;
case "clients_current":
$sort = "clients_current";
break;
case "clients_maximum":
$sort = "clients_maximum";
break;
case "server_platform":
$sort = "server_platform";
break;
default:
$sort = "server_name";
break;
}
vBulletin® v3.7.3, Copyright ©2000-2008, Jelsoft Enterprises Ltd.