CVE-2007-3631

GameSiteScript < 3.1 - SQL Injection via Index Params Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3631. PoCs published by Xenduer77.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in GameSiteScript's profile view functionality. It allows an attacker to extract usernames and passwords from the members table by injecting a UNION-based SQL query.

Description

SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Xenduer77 · textwebappsphp

https://www.exploit-db.com/exploits/4159

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in GameSiteScript's profile view functionality. It allows an attacker to extract usernames and passwords from the members table by injecting a UNION-based SQL query.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: GameSiteScript (versions prior to and including 3.1)

No auth needed

Prerequisites: Target must be running GameSiteScript with vulnerable version · Target must have the profile view functionality accessible

MITRE ATT&CK