CVE-2005-1503

MidiCart PHP Shopping Cart - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1503. PoCs published by Exoduks.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in MidiCart PHP by injecting a malicious SQL query via the 'searchstring' parameter. It retrieves sensitive credit card information from the 'card_payment' table.

Description

Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Exoduks · textwebappsphp

https://www.exploit-db.com/exploits/25614

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in MidiCart PHP by injecting a malicious SQL query via the 'searchstring' parameter. It retrieves sensitive credit card information from the 'card_payment' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MidiCart PHP

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK