CVE-2007-0354

MGB OpenSource Guestbook <= 0.5.4.5 - SQL Injection via email.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0354. PoCs published by SlimTim10.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in MGB <= 0.5.4.5 to extract the admin password from the database. It sends a crafted HTTP request to retrieve the password hash and constructs the admin login URL.

Description

SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SlimTim10 · perlwebappsphp

https://www.exploit-db.com/exploits/3141

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in MGB <= 0.5.4.5 to extract the admin password from the database. It sends a crafted HTTP request to retrieve the password hash and constructs the admin login URL.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MGB <= 0.5.4.5

No auth needed

Prerequisites: Target must be running MGB <= 0.5.4.5 · Target must be accessible via HTTP

MITRE ATT&CK