CVE-2008-0266

eTicket 1.5.5.2 - Cross-Site Request Forgery in admin.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0266. PoCs published by L4teral.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and SQL injection vulnerability in eTicket 1.5.5.2. It uses a crafted form submission to bypass authentication and change the admin password via SQL injection.

Description

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by L4teral · htmlwebappsphp

https://www.exploit-db.com/exploits/30994

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and SQL injection vulnerability in eTicket 1.5.5.2. It uses a crafted form submission to bypass authentication and change the admin password via SQL injection.

Classification

Working Poc 90%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: eTicket 1.5.5.2

No auth needed

Prerequisites: Access to the target application's admin interface

MITRE ATT&CK