CVE-2007-3981

WSN Links Basic Edition - SQL Injection via catid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3981. PoCs published by t0pP8uZz.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in WSN Links Basic Edition, allowing an attacker to extract user credentials (email and password) from the database via a crafted UNION-based SQL query. The exploit targets the 'catid' parameter in the 'displaycat' action.

Description

SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by t0pP8uZz · textwebappsphp

https://www.exploit-db.com/exploits/4209

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in WSN Links Basic Edition, allowing an attacker to extract user credentials (email and password) from the database via a crafted UNION-based SQL query. The exploit targets the 'catid' parameter in the 'displaycat' action.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WSN Links Basic Edition

No auth needed

Prerequisites: Target must be running WSN Links Basic Edition · SQL injection vulnerability must be present in the 'catid' parameter

MITRE ATT&CK