CVE-2007-0140

Kolayindir Download - SQL Injection via down.asp id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0140. PoCs published by ShaFuck31.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Kolayindir Download, where the 'id' parameter in 'down.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Description

SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ShaFuck31 · textwebappsasp

https://www.exploit-db.com/exploits/29385

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in Kolayindir Download, where the 'id' parameter in 'down.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Kolayindir Download

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK