CVE-2007-5308

PHP Homepage M 1.0 - SQL Injection via Galerie.php ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5308. PoCs published by [PHCN] Mahjong.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PHP Homepage M V.1.0's galerie.php. It extracts user credentials by manipulating the 'id' parameter in a UNION-based SQLi attack when magic_quotes_gpc is disabled.

Description

SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [PHCN] Mahjong · phpwebappsphp

https://www.exploit-db.com/exploits/4501

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in PHP Homepage M V.1.0's galerie.php. It extracts user credentials by manipulating the 'id' parameter in a UNION-based SQLi attack when magic_quotes_gpc is disabled.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP Homepage M V.1.0

No auth needed

Prerequisites: magic_quotes_gpc must be OFF · target must be running PHP Homepage M V.1.0

MITRE ATT&CK