CVE-2008-1219

Kutub-i Sitte <1.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1219. PoCs published by r080cy90r.

AI-analyzed exploit summary This Perl script exploits an SQL injection vulnerability in the KutubiSitte module for PHP-Nuke. It crafts a malicious SQL query to extract the admin password hash from the database by manipulating the 'kid' parameter.

Description

SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r080cy90r · perlwebappsphp

https://www.exploit-db.com/exploits/31344

View Code ZIP pw:eip

This Perl script exploits an SQL injection vulnerability in the KutubiSitte module for PHP-Nuke. It crafts a malicious SQL query to extract the admin password hash from the database by manipulating the 'kid' parameter.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP-Nuke with KutubiSitte module

No auth needed

Prerequisites: Target must have the KutubiSitte module installed · Target must be vulnerable to SQL injection via the 'kid' parameter

MITRE ATT&CK