CVE-2005-3817
Softbiz Web Host Directory Script < 1.1 - SQL Injection via Multiple Parameters
Title source: llm
Exploitation Summary
EIP tracks 5 public exploits for CVE-2005-3817. PoCs published by 41.w4r10r, r0t.
AI-analyzed exploit summary
This exploit demonstrates a SQL injection vulnerability in SoftBizScripts Hosting Script via the 'cid' parameter in 'browsecats.php'. The PoC shows how an attacker can extract database information such as the MySQL version.
Description
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
Exploits (5)
This exploit demonstrates a SQL injection vulnerability in SoftBizScripts Hosting Script via the 'cid' parameter in 'browsecats.php'. The PoC shows how an attacker can extract database information such as the MySQL version.
The provided text describes SQL injection vulnerabilities in Softbiz Web Host Directory Script version 1.1 and earlier. It explains the cause and potential impact but does not include actual exploit code or a proof-of-concept.
The provided text describes SQL injection vulnerabilities in Softbiz Web Host Directory Script version 1.1 and earlier. It explains the cause (lack of input sanitization) and potential impacts (data compromise, modification, or underlying database exploitation).
The provided text describes a SQL injection vulnerability in Softbiz Web Host Directory Script version 1.1 and earlier. It explains the vulnerability's cause and potential impact but does not include functional exploit code.
The provided text describes a SQL injection vulnerability in Softbiz Web Host Directory Script version 1.1 and earlier. It explains the cause and potential impact but does not include actual exploit code or a proof-of-concept.