CVE-2008-2858
Published 2008-06-25
Priority P3 · 36 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.82% (52.5th percentile)
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webchamado | webchamado | — | — |
No detection rules found.
Exploit-DB
PHP Live! 3.2.2 - 'questid' SQL Injection (2)
exploitdb·2009-07-24
CVE-2008-0821 PHP Live! 3.2.2 - 'questid' SQL Injection (2)
---
Original author: Found by Xar of h4ck-y0u, Greets to Don & ViSiOn
Modified version: skys
Contact: skysbsb[at]gmail.com
[!]Info[!]
PHP Live! (© OSI Codes Inc.) enables live help and live customer support
communication directly from your website. With PHP Live!, you can
provide one-on-one chat assistance in real-time, answer visitor
questions and add that extra human touch to your website.
[!]SQL Injection[!]
The original code had a small mistake; the correct code:
Code:
Set the proper l(login) var in the parameter request.
In this example, l=admin
http://www.site.com/path-to-phplive/admin/traffic/knowledge_searchm.php?action=expand_question&l=admin&x=1&questid=-1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,concat%28login,char%2858%29,
Exploit-DB
WebChamado 1.1 - 'tsk_id' SQL Injection
exploitdb·2008-06-13
CVE-2008-2906 WebChamado 1.1 - 'tsk_id' SQL Injection
---
#######################################################################################
# #
# ...:::::WebChamado 1.1 SQL Injection Vulnerability ::::.... #
#######################################################################################
Virangar Security Team
www.virangar.net
www.virangar.ir
Discovered by: virangar security team (hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
vuln code in lista_anexos.php:
line 12: $tsk_id = $_GET['tsk_id'];
....
line 14: $query = "SELECT SEQ, DSC, TIP, TAM FROM TBLTASK_TSKARQ WHERE TSK_ID = $tsk_id ORDER BY DSC";
---
exploit:
http://site.com/lista_anexos.php
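For contrast with the `lista_anexos.php` query quoted in the advisory above, this added example (not WebChamado's code and not a vendor patch) shows the same SELECT with `tsk_id` validated as an integer and bound as a parameter. The `list_attachments` function name, the PDO/SQLite in-memory setup, the `TSK_ID` column type and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example: hardened form of the query quoted from lista_anexos.php.
// Assumptions: PDO with the sqlite driver; table layout and rows are constructed.

function list_attachments(PDO $db, $rawTskId): array
{
    // 1. Allow-list the input: TSK_ID must be a positive integer, nothing else.
    //    In the real page this value would come from $_GET['tsk_id'] ?? null.
    $tskId = filter_var($rawTskId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($tskId === false) {
        throw new InvalidArgumentException('tsk_id must be a positive integer');
    }

    // 2. Bind the value instead of interpolating it into the SQL text, so the
    //    statement structure is fixed before any request data is seen.
    $stmt = $db->prepare(
        'SELECT SEQ, DSC, TIP, TAM FROM TBLTASK_TSKARQ WHERE TSK_ID = :tsk_id ORDER BY DSC'
    );
    $stmt->bindValue(':tsk_id', $tskId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed fixture: in-memory table with the columns named in the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE TBLTASK_TSKARQ
           (SEQ INTEGER, TSK_ID INTEGER, DSC TEXT, TIP TEXT, TAM INTEGER)');
$db->exec("INSERT INTO TBLTASK_TSKARQ VALUES
           (1, 7, 'report.pdf', 'application/pdf', 1024),
           (2, 7, 'log.txt',    'text/plain',       200),
           (3, 8, 'other.txt',  'text/plain',        50)");

// Constructed inputs: one valid id, one non-integer string, one empty value.
foreach (['7', '1 OR 1=1', ''] as $input) {
    try {
        $rows = list_attachments($db, $input);
        printf("%-12s -> %d row(s)\n", var_export($input, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%-12s -> rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}
```

Either control alone would stop the concatenation flaw shown in line 14 of the quoted code; using both keeps malformed identifiers out of the database layer and out of its logs.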
No writeups or analysis indexed.
2008-06-25
Published