CVE-2007-2672

PHP Coupon Script 3.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2672. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in PHP Coupon Script 3.0 via the 'bus' parameter in the 'viewbus' page. The payload uses a UNION-based attack to extract username and password fields from the 'users' table.

Description

SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/3839

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in PHP Coupon Script 3.0 via the 'bus' parameter in the 'viewbus' page. The payload uses a UNION-based attack to extract username and password fields from the 'users' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP Coupon Script 3.0

No auth needed

Prerequisites: Target application must be running PHP Coupon Script 3.0 · The 'page' parameter must be set to 'viewbus'

MITRE ATT&CK