Exploitation Summary
EIP tracks 2 public exploits for CVE-2005-3868. PoCs published by Sangteamtham, r0t.
AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in K-Search. The SQLi exploit uses a UNION-based attack to extract database information, while the XSS exploit injects malicious JavaScript via the 'term' parameter.
Description
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
Exploits (2)
The exploit demonstrates SQL injection and XSS vulnerabilities in K-Search. The SQLi exploit uses a UNION-based attack to extract database information, while the XSS exploit injects malicious JavaScript via the 'term' parameter.
The provided text describes SQL injection vulnerabilities in K-Search, with example URLs demonstrating unsanitized input. No executable exploit code is present, only advisory details and proof-of-concept query strings.