CVE-2005-4143

Lyris ListManager 5.0-8.9a - SQL Injection via /read/attachment URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4143. PoCs published by H D Moore.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Lyris ListManager for Microsoft SQL Server, allowing arbitrary command execution via the xp_cmdshell stored procedure. It constructs a malicious SQL query to execute the payload.

Description

SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by H D Moore · remotewindows

https://www.exploit-db.com/exploits/1366

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Lyris ListManager for Microsoft SQL Server, allowing arbitrary command execution via the xp_cmdshell stored procedure. It constructs a malicious SQL query to execute the payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lyris ListManager (MSSQL)

No auth needed

Prerequisites: Target running Lyris ListManager with MSSQL backend · Network access to the target

MITRE ATT&CK