CVE-2012-5348
published 2012-10-09CVE-2012-5348: SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to…
PriorityP339medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.05%
60.1th percentile
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wilson_steven | mangosweb_enhanced | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Zabbix 2.0.1 - Session Extractor
exploitdb·2012-07-24
CVE-2012-3435 Zabbix 2.0.1 - Session Extractor
Zabbix 2.0.1 - Session Extractor
---
#!/usr/bin/python
import re
import sys,urllib2,urllib
print "\n[*] Zabbix 2.0.1 Session Extractor 0day"
print "[*] http://www.offensive-security.com"
print "##################################\n"
'''
The sessions found by this tool may allow you to access the scripts.php file.
Through this web interface, an administrator can define new malicious scripts.
These scripts can then be called from the maps area, and executed with "zabbix" permissions.
Timeline:
17 Jul 2012: Vulnerabilty reported
17 Jul 2012: Reply received
18 Jul 2012: Issue opened: https://support.zabbix.com/browse/ZBX-5348
19 Jul 2012: Fixed for inclusion in version 2.0.2
'''
ip="172.16.164.150"
target = 'http://%s/zabbix/popup_bitem.php' % ip
url = 'http://%s/zabbix/scripts.php'
Exploit-DB
MangosWeb - SQL Injection
exploitdb·2012-01-08
CVE-2012-5348 MangosWeb - SQL Injection
MangosWeb - SQL Injection
---
EXPLOIT TITLE: MangosWeb SQL Vulnerability
DATE: 1/7/2012
BY Hood3dRob1n
AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3
SW LINK: http://code.google.com/p/mwenhanced/
CATEGORY: WebApp 0day
DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev Team
TESTED ON: W7 & Backtrack 5
DEMO1: http://wowfaction.selfip.com/wow/
DEMO2: http://www.mojotrollz.eu/
DEMO3: http://h1987786.stratoserver.net:8096/
Greetz to: -DownFall, Zer0Pwn, zerofreak, ~!White!~, Dr. Hobo, ring0_, Pi , and Greyerstring!
Found SQL vulnerabilities in this CMS whcih seems to affect a large amount of online gaming sites. There is a SQL injection vulnerability in the Login field of the login form located at the top of the site pages. If you inject a single apostrophe (') into t
http://secunia.com/advisories/47468http://www.exploit-db.com/exploits/18335http://www.securityfocus.com/bid/51314https://exchange.xforce.ibmcloud.com/vulnerabilities/72231http://secunia.com/advisories/47468http://www.exploit-db.com/exploits/18335http://www.securityfocus.com/bid/51314https://exchange.xforce.ibmcloud.com/vulnerabilities/72231
2012-10-09
Published