CVE-2008-6328
Published 2009-02-27
CVE-2008-6328: SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P340 | high | 7.5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| butterflymedia | butterfly_organizer | — | — |
| butterflymedia | butterfly_organizer | — | — |
No detection rules found.
Exploit-DB
Butterfly ORGanizer 2.0.1 - 'id' SQL Injection
exploitdb·2008-12-10
CVE-2008-6328 Butterfly ORGanizer 2.0.1 - 'id' SQL Injection
---
#########################################################################################
[0x01] Information:
Name : Butterfly Organizer 2.0.1 SQL Injection
Download : http://www.hotscripts.com/jump.php?listing_id=72677&jump_type=1
Vulnerability : Remote SQL Injection
Author : Osirys
Contact : osirys[at]live[dot]it
Notes : Proud to be Italian
* : Same bug as in the previous version: http://milw0rm.com/exploits/5797
#########################################################################################
[0x02] Bug:
Bugged file is /[path]/view.php
[CODE]
$mytable = $_GET['mytable'];
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM ".$mytable." WHERE id=$id",$database);
$myrow = mysql_fetch_array($result);
[/CODE]
Query accept d
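A hardened counterpart to the view.php lookup quoted in the advisory above, as an added example that is not part of the advisory or of Butterfly Organizer's code. The table allowlist, the schema and the fetch_row helper are assumptions made for the demo, which also assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: hardened form of the lookup in view.php.
// Table names, schema and request values are constructed for the demo.

const ALLOWED_TABLES = ['contacts', 'notes']; // assumed names, not the project's

function fetch_row(PDO $db, $table, $id): ?array
{
    // Identifiers cannot be bound as query parameters, so the table name is
    // checked against a fixed allowlist instead of being escaped.
    if (!is_string($table) || !in_array($table, ALLOWED_TABLES, true)) {
        return null;
    }
    // id must be a plain positive integer; anything else is rejected outright.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // $table is now one of our own constants; $id travels as a bound integer.
    $stmt = $db->prepare("SELECT * FROM {$table} WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO contacts (name) VALUES ('alice'), ('bob')");

// Constructed request values: one well-formed, two that must be refused.
$cases = [
    ['contacts', '2'],        // valid table, valid id
    ['contacts', '2 OR 1=1'], // id is not an integer
    ['accounts', '1'],        // table is not on the allowlist
];
foreach ($cases as [$table, $id]) {
    $row = fetch_row($db, $table, $id);
    echo json_encode([$table, $id]), ' => ',
         $row ? json_encode($row) : 'rejected', PHP_EOL;
}
```

Binding id alone would leave the mytable value concatenated into the statement, which is why the table name gets its own allowlist check.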
Exploit-DB
Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting
exploitdb·2008-06-13
CVE-2008-6700 Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting
---
Butterfly Organizer 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities
AUTHOR : CWH Underground
DATE : 13 June 2008
SITE : www.citec.us
#####################################################
APPLICATION : Butterfly Organizer
VERSION : 2.0.0
DOWNLOAD : www.butterflymedia.ro/downloads/organizer_2_0_0.zip
#####################################################
+++ Remote SQL Injection Exploit +++
Vulnerable Code [view.php]
@Line
26: $mytable = $_GET
No writeups or analysis indexed.
http://secunia.com/advisories/33086
http://www.securityfocus.com/bid/29700
https://www.exploit-db.com/exploits/5797
https://www.exploit-db.com/exploits/7411