CVE-2006-6781

HLstats 1.20-1.34 - Information Disclosure via Playinfo Mode Parameter Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6781. PoCs published by Michael Brooks.

AI-analyzed exploit summary: This PHP script exploits a SQL injection vulnerability in HLStats versions 1.20 to 1.34, allowing attackers to extract database credentials, read arbitrary files, and potentially upload malicious payloads. It includes a web interface for configuring attacks and supports proxy usage for anonymity.

Description

HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michael Brooks · php · webapps · php
https://www.exploit-db.com/exploits/3002

Classification
Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: HLStats <= 1.34 and >= 1.20
No auth needed
Prerequisites: Target URL with HLStats installation · Network access to the target
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3002
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2064
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455305/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21740

Scores

EPSS 0.0268
EPSS Percentile 83.9%

Details

Status published
Products (2)
hlstats/hlstats 1.20
hlstats/hlstats 1.34
Published Dec 28, 2006
Tracked Since Feb 18, 2026