Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0185. PoCs published by Virangar Security.
AI-analyzed exploit summary: This exploit demonstrates SQL injection and XSS vulnerabilities in NetRisk 1.9.7. The SQLi allows retrieval of admin credentials via union-based injection, while the XSS executes arbitrary JavaScript.
Description
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).