CVE-2008-2532
Published 2008-06-03
Priority: P3 (40) · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT: public exploit indexed (see Exploit-DB entries below)
EPSS: 0.97% (57.3th percentile)
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
GHSA
GHSA-38qp-942w-qgjg: SQL injection vulnerability in news (CVE-2008-2893, HIGH, CWE-89, CVSS 7.5; GHSA unreviewed, 2022-05-01)
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.
GHSA
GHSA-vrwr-5hv7-wq64: SQL injection vulnerability in forum/topic_detail (CVE-2008-2532, HIGH, CWE-89; GHSA unreviewed, 2022-05-01)
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
No detection rules found.
Exploit-DB
2532/Gigs 1.2.2 Stable - Remote Authentication Bypass (CVE-2008-6907; exploitdb, 2008-12-18)
Note: this entry concerns 2532|Gigs, a different product from aj-hyip, and is tracked under its own CVE; it is listed here only because the exploit text below shows the same string-concatenation SQL injection pattern.
---
/* ------------------------------------------------------------------------------------------------
* 2532|Gigs 1.2.2 Stable Remote Login Bypass Vulnerability
* ------------------------------------------------------------------------------------------------
* by athos - staker[at]hotmail[dot]it
* http://www.hotscripts.com/jump.php?listing_id=65863&jump_type=1
* ------------------------------------------------------------------------------------------------
* File Vuln checkuser.php
*
* 16. $username = $_POST['username'];
* 17. $password = $_POST['password'];
* ...
* 41. $query = "SELECT * FROM $dbt_users WHERE username = '$username' AND password = '$password'" ;
* 42. $result = mysql_query($query) or die ( "Error in query: $query.
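The two injection patterns on this page, the integer id parameter of forum/topic_detail.php (CVE-2008-2532) and the quoted username/password fields in the checkuser.php excerpt above, are demonstrated together below against an in-memory SQLite database. This is an added example, not code from aj-hyip or 2532|Gigs: the table and column names (topics, users, hidden) and the sample rows are constructed assumptions chosen so that a UNION payload lines up with the original SELECT. Each vulnerable function sits beside a hardened version that type-checks and binds the value as a parameter.

```python
import hmac
import sqlite3

# Constructed in-memory schema standing in for the forum and user tables.
# Table and column names are assumptions for illustration, not the product's.
SCHEMA = """
CREATE TABLE topics(id INTEGER PRIMARY KEY, title TEXT, body TEXT, hidden INTEGER);
INSERT INTO topics VALUES (1, 'Welcome', 'public post', 0);
INSERT INTO topics VALUES (2, 'Staff only', 'internal note', 1);
CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO users VALUES (1, 'admin', 's3cret');
INSERT INTO users VALUES (2, 'alice', 'hunter2');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def topic_detail_vulnerable(conn, id_param):
    """Untrusted ?id= value concatenated straight into the query (CWE-89)."""
    sql = f"SELECT id, title, body FROM topics WHERE id = {id_param} AND hidden = 0"
    return conn.execute(sql).fetchall()


def topic_detail_fixed(conn, id_param):
    """Hardened: enforce the integer type, then bind the value as a parameter."""
    try:
        topic_id = int(id_param)
    except (TypeError, ValueError):
        return []
    sql = "SELECT id, title, body FROM topics WHERE id = ? AND hidden = 0"
    return conn.execute(sql, (topic_id,)).fetchall()


def checkuser_vulnerable(conn, username, password):
    """Same shape as the checkuser.php excerpt: both POST fields interpolated."""
    sql = (f"SELECT * FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def checkuser_fixed(conn, username, password):
    """Hardened: parameterised lookup plus constant-time compare.
    A real fix also stores a password hash rather than plaintext; the
    constructed table keeps plaintext only to mirror the excerpt."""
    row = conn.execute("SELECT password FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0].encode(), password.encode())


# Payloads: the first comments out the hidden=0 filter, the second pivots to
# the users table via UNION (three columns, matching the original SELECT),
# the third comments out the password check in the login query.
PAYLOAD_ALL_TOPICS = "1 OR 1=1 --"
PAYLOAD_DUMP_USERS = "0 UNION SELECT id, username, password FROM users --"
PAYLOAD_LOGIN_BYPASS = "admin' --"


def demo():
    conn = make_db()
    return {
        "vuln_all_topics": sorted(topic_detail_vulnerable(conn, PAYLOAD_ALL_TOPICS)),
        "vuln_dump_users": sorted(topic_detail_vulnerable(conn, PAYLOAD_DUMP_USERS)),
        "fixed_all_topics": topic_detail_fixed(conn, PAYLOAD_ALL_TOPICS),
        "fixed_hidden_topic": topic_detail_fixed(conn, "2"),
        "vuln_login_bypass": checkuser_vulnerable(conn, PAYLOAD_LOGIN_BYPASS, "wrong"),
        "fixed_login_bypass": checkuser_fixed(conn, PAYLOAD_LOGIN_BYPASS, "wrong"),
        "fixed_login_valid": checkuser_fixed(conn, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The integer cast in topic_detail_fixed is what closes the numeric-parameter case: a bare parameter binding would still be safe, but rejecting non-integers early also keeps the hidden-topic filter from being argued away by the database's type affinity rules. For the login case, parameterisation alone stops the bypass; the constant-time compare and hashed storage are the remaining hygiene the excerpt lacks.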
Exploit-DB
2532/Gigs 1.2.2 Stable - Multiple Vulnerabilities (CVE-2008-6902; exploitdb, 2008-12-18)
Note: this entry concerns 2532|Gigs, a different product from aj-hyip, and is tracked under its own CVE.
---
[START]
#########################################################################################
[0x01] Information:
Script : 2532|Gigs v1.2 Stable
Download : http://www.hotscripts.com/jump.php?listing_id=65863&jump_type=1
Dork : Powered by 2532|Gigs v1.2.2
Vulnerability : Local File Inclusion / Remote File Upload
Author : Osirys
Contact : osirys[at]live[dot]it
Website : http://osirys.org
Notes : Proud to be Italian
Greets : XaDoS, x0r, emgent, Jay, str0ke, Todd and AlpHaNiX
#########################################################################################
[0x02] Bug: [Multiple Local File Inclusions]
######
Bugged file is: /[path]/settings.php
Bugged file is: /[path]/deleteuser.php
Bugged file is: /[path]/mini_calendar.
Exploit-DB
AJ HYIP ACME - 'topic_detail.php' SQL Injection (CVE-2008-2532; exploitdb, 2008-05-12)
---
[ASCII-art banner, garbled in extraction; legible text: "Kings of injection"]
> Found by : Cyb3r-1sT
> C0ntact : t3tto0 [at] yahoo.com
cyb3r-1st [at] hotmail.com
> Groups : InjEctOr5 T3am
+++++++++++++ R3membeR Kings of injection ++++++++++++++
> script : aj-hyip
> download : www.ajhyip.com
++++++++++++++++ pWning israel fuckers ++++++++++++++++
> D0rk : find it
> Exploit :>>>>>>>>>
for admin inf0 :::
>>>>>>
Exploit-DB
2532/Gigs 1.2.2 - Arbitrary Database Backup/Download (CVE-2008-6199; exploitdb, 2008-04-18)
Note: this entry concerns 2532|Gigs, a different product from aj-hyip, and is tracked under its own CVE.
---
--==+================================================================================+==--
--==+ 2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download +==--
--==+================================================================================+==--
Discovered By: t0pP8uZz
Discovered On: 18 April 2008
Script Download: http://www.2532gigs.com/?download=2532Gigs_stable
DORK: N/A
Vendor Has Not Been Notified!
DESCRIPTION:
2532|Gigs does not validate the user in "backup.php"; this means any user can visit it and make a backup.
Of course some GET variables are being used, but that's all.
Running the below URL/path on a server that is running 2532|Gigs will make a backup of the database
and save it to "http://site.com/2532gigs/backup.sql"
No writeups or analysis indexed.