CVE-2005-1293

StorePortal 2.63 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1293. PoCs published by Dcrab.

AI-analyzed exploit summary The provided text describes multiple SQL injection vulnerabilities in StorePortal, detailing vulnerable parameters in various URLs. It does not include executable exploit code but serves as a technical writeup of the vulnerability.

Description

Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dcrab · textwebappsasp

https://www.exploit-db.com/exploits/25529

View Code ZIP pw:eip

The provided text describes multiple SQL injection vulnerabilities in StorePortal, detailing vulnerable parameters in various URLs. It does not include executable exploit code but serves as a technical writeup of the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: StorePortal (version not specified)

No auth needed

Prerequisites: Access to the vulnerable StorePortal application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111445131808328&w=2

Exploit x_refsource_misc

http://digitalparadox.org/advisories/storeportal.txt

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15071

Scores

EPSS 0.0116

EPSS Percentile 62.9%

Details

Status published

Products (1)

storeportal/storeportal 2.63

Published May 02, 2005

Tracked Since Feb 18, 2026