CVE-2004-2737

NetSupport DNA HelpDesk 1.01 - SQL Injection via problist.asp where Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2737. PoCs published by Noam Rathaus.

AI-analyzed exploit summary This Perl script exploits an SQL injection vulnerability in DNA HelpDesk 1.01 via the 'where' parameter in 'problist.asp'. It authenticates, retrieves session cookies, and executes a malicious SQL query to elevate privileges by modifying the HD_Permissions table.

Description

SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Noam Rathaus · perlwebappsasp

https://www.exploit-db.com/exploits/24299

View Code ZIP pw:eip

This Perl script exploits an SQL injection vulnerability in DNA HelpDesk 1.01 via the 'where' parameter in 'problist.asp'. It authenticates, retrieves session cookies, and executes a malicious SQL query to elevate privileges by modifying the HD_Permissions table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: DNA HelpDesk 1.01

Auth required

Prerequisites: Valid user credentials · Network access to the target · DNA HelpDesk 1.01 installation

MITRE ATT&CK