CVE-2005-3509
JPortal Web Portal - SQL Injection via Banner.php or ID Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2005-3509. PoCs published by Mousehack.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in JPortal via the 'id' parameter in news.php. The payload uses a UNION-based attack to extract data from the 'admins' table, indicating improper input sanitization.
Description
Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php.
Exploits (2)
This exploit demonstrates a SQL injection vulnerability in JPortal via the 'id' parameter in news.php. The payload uses a UNION-based attack to extract data from the 'admins' table, indicating improper input sanitization.
This exploit demonstrates SQL injection in JPortal by manipulating the 'id' parameter in comment.php to extract admin credentials (nick and MD5 password) via UNION-based SQLi. It requires no authentication and is straightforward to execute.