CVE-2007-3190

Just For Fun Network Management System 0.8.3 - SQL Injection via User and Pass Parameters

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3190. PoCs published by Tim Brown.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in JFFNMS versions prior to 0.8.4-pre3. The PoC manipulates the SQL query logic via the 'user' parameter in the authentication process to bypass authentication and potentially access sensitive information.

Description

Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tim Brown · text · webapps · php
https://www.exploit-db.com/exploits/30171

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Just For Fun Network Management and Monitoring System (JFFNMS) < 0.8.4-pre3
No auth needed
Prerequisites: Access to the target application's authentication endpoint
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1374
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471039/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26769
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24414
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25587
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=118151087109711&w=2

Scores

EPSS 0.0145
EPSS Percentile 69.9%

Details

Status published
Products (1)
jffnms/just_for_fun_network_management_system 0.8.3
Published Jun 12, 2007
Tracked Since Feb 18, 2026