CVE-2007-1808

Camportail < 1.1 - SQL Injection via show.php camid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1808. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in XOOPS Module Camportail <= 1.1 via the 'camid' parameter. It extracts admin credentials (username and password) from the 'xoops_users' table by crafting a malicious SQL query.

Description

SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3629

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in XOOPS Module Camportail <= 1.1 via the 'camid' parameter. It extracts admin credentials (username and password) from the 'xoops_users' table by crafting a malicious SQL query.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: XOOPS Module Camportail <= 1.1

No auth needed

Prerequisites: Target must have the vulnerable XOOPS module installed · Target must be accessible via HTTP

MITRE ATT&CK