CVE-2007-3539

QuickTalk Forum 1.3 and QuickTicket 1.2 build:20070621 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3539. PoCs published by croconile.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in QuickTicket versions 1.4 and 1.5.0.3 via the 'id' parameter in qti_usr.php, allowing an attacker to extract user credentials from the database.

Description

Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.

Exploits (1)

exploitdb WORKING POC VERIFIED

by croconile · textwebappsphp

https://www.exploit-db.com/exploits/5222

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in QuickTicket versions 1.4 and 1.5.0.3 via the 'id' parameter in qti_usr.php, allowing an attacker to extract user credentials from the database.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: QuickTicket v1.4, v1.5.0.3

No auth needed

Prerequisites: Access to the vulnerable qti_usr.php endpoint

MITRE ATT&CK