1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−Information−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 +Name : Easy-Clanpage <= v2.2 multiple SQL Injection + Exploit
3 +Author : Easy Laster
4 +Date : 31.03.2010
5 +Script : Easy-Clanpage <= v2.2
6 +Download : Update Version 2.1->2.2 http://www.easy-clanpage.de
7 /?section=downloads&action=viewdl&id=18
8 +Price : for free
9 +Language : PHP
10 +Discovered by Easy Laster
11 +Security Group 4004-Security-Project
12 +Greetz to Team-Internet, Underground Agents
13 +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
14 Kiba,−tmh−,Dr.ChAoS,HANN!BAL,Kabel,−=Player=−,Lidloses_Auge,
15 N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101..
16
17 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
18
19 ___ ___ ___ ___ _ _ _____ _ _
20 | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_
21 |_ | | | | |_ |___|_ −| −_| _| | | _| | _| | |___| __| _| . | | | −_| _| _|
22 |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_|
23 |___| |___|
24
25
26 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
27 +Vulnerable PHP Code
28
29 −#######################################################################################−
30 IF(isset($_GET[’action’])) {
31 switch($_GET[’action’]) {
32 case "viewpic":
33 gallery_show_pic($_GET[’id’]);
34 break;
35 case "gallery":
36 gallery_show_gallery($_GET[’id’]);
37 break;
38 case "kate":
39 gallery_show_kate($_GET[’id’]);
40 break;
41 case "comments":
42 gallery_show_pic((int)$_GET[’id’]);
43 break;
44 case "comm