CVE-2007-3884

husrevforum 1.0.1 and 2.0.1 - SQL Injection via forumid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3884. PoCs published by GeFORC3.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in husrevforum v1.0.1 (tr) by injecting a UNION-based SQL query to extract user credentials (username and password) from the database. The attack leverages unsanitized input in the 'forumid' parameter.

Description

SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GeFORC3 · textwebappsasp

https://www.exploit-db.com/exploits/30316

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in husrevforum v1.0.1 (tr) by injecting a UNION-based SQL query to extract user credentials (username and password) from the database. The attack leverages unsanitized input in the 'forumid' parameter.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: husrevforum v1.0.1 (tr)

No auth needed

Prerequisites: Target application must be accessible · Database must contain a 'users' table with 'username' and 'password' columns

MITRE ATT&CK