wowroster-sql.txt

2008-03-21T00:00:00
ID PACKETSTORM:64795
Type packetstorm
Reporter SaKu
Modified 2008-03-21T00:00:00

Description

########################################  
# WoWRoster <= 1.7.3 #  
# #  
# memberlog.php #  
# Non-critical #  
# Remote SQL Injection Vulnerability #  
# #  
# discovered by: SaKu #  
########################################  
  
  
This vulnerability is not critical because  
the parameter $start appears after an  
'ORDER BY' and a 'LIMIT' clause. You will always get the  
error: "1221: Incorrect usage of UNION and ORDER BY."  
  
Exploit:  
http://[target]/[roster]/memberlog.php?start=[SQL]  
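The fix for this class of bug, as an added example that is not WoWRoster's own code: the `start` value is validated as a bounded non-negative integer and bound as an integer parameter instead of being concatenated after `ORDER BY ... LIMIT`. The advisory does not show the source of memberlog.php, so the table, columns, page size and function names below are assumptions, and PDO with an in-memory SQLite database stands in for the application's database layer.

```php
<?php
// Added example. Table, columns, page size and function names are
// hypothetical; the advisory does not show memberlog.php's source.
const PAGE_SIZE = 25;

// Pattern the advisory describes: the raw request value is concatenated
// into the statement after ORDER BY ... LIMIT. Shown for contrast only.
function memberlog_query_unsafe(string $start): string
{
    return 'SELECT member, note FROM memberlog ORDER BY id DESC LIMIT '
        . $start . ', ' . PAGE_SIZE;
}

// Hardened step 1: accept only a bounded non-negative integer, else 0.
// Arrays and non-numeric strings fail validation and fall back to 0.
function parse_start($raw, int $max = 100000): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $n === false ? 0 : $n;
}

// Hardened step 2: bind the offset as an integer instead of concatenating.
function memberlog_page(PDO $db, $rawStart): array
{
    $stmt = $db->prepare(
        'SELECT member, note FROM memberlog ORDER BY id DESC LIMIT :n OFFSET :start');
    $stmt->bindValue(':n', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':start', parse_start($rawStart), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE memberlog (id INTEGER PRIMARY KEY, member TEXT, note TEXT)');
$ins = $db->prepare('INSERT INTO memberlog (member, note) VALUES (?, ?)');
for ($i = 1; $i <= 60; $i++) {
    $ins->execute(["member$i", 'joined']);
}

// Numeric offsets page normally; anything else is treated as offset 0.
foreach (['0', '25', '50', '-1', '25abc', ['x']] as $raw) {
    $rows = memberlog_page($db, $raw);
    printf("%-8s -> offset %d, %d rows\n",
        is_array($raw) ? 'array' : $raw, parse_start($raw), count($rows));
}
```

The MySQL error quoted in the advisory limits what the concatenated value can do, but the value still reaches the SQL parser unvalidated; the integer check removes that path.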