CVE-2008-6656
Published 2009-04-07
Priority P3 42 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.15% (62.7th percentile)
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openautoclassifieds | open_auto_classifieds | — | — |
No detection rules found.
Exploit-DB
Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)
exploitdb·2008-10-02
CVE-2008-1087 Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)
---
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop
This is one of the 2 Vulnerabilities of MS08-021
Tested on Windows xp professional SP1
GDi32.dll 5.1.2600.1106
kernel32.dll 5.1.2600.1106
ws2_32.dll 5.1.2600.0
calc.zip---> executes calculator
IE.zip and localhost.zip ------> connects at localhost at port 230
On Windows Xp Sp2 only causes Denial of service.
-(Vulnerable function guarded with a GS cookie)
-(The function which copies data to stack has an exception handler which recovers from access violations, so you can't exploit it by hitting the next page.)
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6656.tgz (2008-Gdi.tgz)
# milw0rm.com [2008-10-02]
Exploit-DB
Open Auto Classifieds 1.4.3b - SQL Injection
exploitdb·2008-05-02
CVE-2008-6656 Open Auto Classifieds 1.4.3b - SQL Injection
---
Title :: Remote SQL Injection
Author :: InjEctOr [s0f (at) w.cn]
&& Fisher762 [SQ7 (at) w.cn]
Application :: Open Auto Classifieds vehicle listings manager v1.4.3b
Download :: http://mesh.dl.sourceforge.net/sourceforge/openauto/openauto_v1.4.3b.zip
Dork 1 :: use your mind
Greets :: Allah , Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
No writeups or analysis indexed.
http://freshmeat.net/projects/openauto/releases/277061
http://osvdb.org/50255
http://osvdb.org/50256
http://www.securityfocus.com/bid/29027
https://exchange.xforce.ibmcloud.com/vulnerabilities/42158
https://www.exploit-db.com/exploits/5531