CVE-2007-1909
Ryan Haudenschilt Battle.net Clan Script 1.5.1 - SQL Injection via User or Pass Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1909. PoCs published by h a c k e r _ X.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Battle.net Clan Script 1.5's login.php. It bypasses authentication by injecting a UNION SELECT query to retrieve user data without valid credentials.
Description
SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in Battle.net Clan Script 1.5's login.php. It bypasses authentication by injecting a UNION SELECT query to retrieve user data without valid credentials.