CVE-2007-0865

LushiNews <= 1.01 - Authenticated SQL Injection via Comments ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0865. PoCs published by ajann.

AI-analyzed exploit summary This is a functional exploit for CVE-2007-0865, targeting a SQL injection vulnerability in LushiNews <= 1.01 via the 'comments.php' file. It extracts user credentials (username, password, email) from the database using a UNION-based SQL injection technique.

Description

SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · webappsphp

https://www.exploit-db.com/exploits/3287

View Code ZIP pw:eip

This is a functional exploit for CVE-2007-0865, targeting a SQL injection vulnerability in LushiNews <= 1.01 via the 'comments.php' file. It extracts user credentials (username, password, email) from the database using a UNION-based SQL injection technique.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: LushiNews <= 1.01

No auth needed

Prerequisites: Target URL with vulnerable LushiNews installation · Valid user ID in the database

MITRE ATT&CK