########################################
# WoWRoster <= 1.7.3                   #
#                                      #
# memberlog.php                        #
# Non-critical                         #
# Remote SQL Injection Vulnerability   #
#                                      #
# discovered by: SaKu                  #
########################################

This vulnerability is not critical because the $start parameter is placed after an 'ORDER BY' and a 'LIMIT'.
You will always get the error: "1221: Incorrect usage of UNION and ORDER BY."

Exploit:
http://[target]/[roster]/memberlog.php?start=[SQL]
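
The fix for this class of bug, as an added example (not WoWRoster's code): the function, table and column names are hypothetical, and PDO is assumed as the database layer. The start value is accepted only as a plain decimal number and bound as an integer, so nothing supplied in the URL reaches the LIMIT clause as SQL.

```php
<?php
// Added example. parse_start_offset(), fetch_member_log() and the member_log
// table are hypothetical names, not taken from WoWRoster.

/**
 * Turn an untrusted paging offset into a safe non-negative integer.
 * Anything that is not a plain run of decimal digits falls back to 0.
 */
function parse_start_offset($raw, int $max = 1000000): int
{
    // Arrays (start[]=x), null, empty strings, signs and spaces are rejected.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return 0;
    }
    // Very long digit strings would overflow on cast, so clamp them first.
    if (strlen($raw) > 9) {
        return $max;
    }
    return min((int) $raw, $max);
}

/**
 * Paged query with the offset bound as an integer parameter instead of
 * being concatenated after ORDER BY ... LIMIT.
 */
function fetch_member_log(PDO $db, $rawStart, int $pageSize = 25): array
{
    $stmt = $db->prepare(
        'SELECT member, event, logged_at FROM member_log
         ORDER BY logged_at DESC LIMIT :start, :size'
    );
    $stmt->bindValue(':start', parse_start_offset($rawStart), PDO::PARAM_INT);
    $stmt->bindValue(':size', $pageSize, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs showing what the validator lets through.
foreach (['50', '', '-1', '25abc', ['x'], '99999999999'] as $sample) {
    printf("%s => %d\n", var_export($sample, true), parse_start_offset($sample));
}
```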