CVE-2008-1869

Site Sift Listings - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1869. PoCs published by S@BUN.

AI-analyzed exploit summary This exploit demonstrates SQL injection in Site Sift scripts, allowing an attacker to extract admin credentials via UNION-based SQLi. The PoC provides specific query strings to dump username and password hashes from the admin table.

Description

SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.

Exploits (1)

exploitdb WORKING POC VERIFIED

by S@BUN · textwebappsphp

https://www.exploit-db.com/exploits/5383

View Code ZIP pw:eip

This exploit demonstrates SQL injection in Site Sift scripts, allowing an attacker to extract admin credentials via UNION-based SQLi. The PoC provides specific query strings to dump username and password hashes from the admin table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Site Sift scripts (version unspecified)

No auth needed

Prerequisites: Target application must be vulnerable to SQL injection · Admin table must exist with username and password columns

MITRE ATT&CK