CVE-2008-1871

Scriptsagent.com Links Directory 1.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1871. PoCs published by t0pP8uZz.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in Links Directory 1.1, allowing an attacker to read local files via the `load_file()` function. The exploit demonstrates how to retrieve sensitive files like `/etc/passwd` or `config.php` by manipulating the `cat_id` parameter.

Description

SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by t0pP8uZz · textwebappsphp

https://www.exploit-db.com/exploits/5377

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Links Directory 1.1, allowing an attacker to read local files via the `load_file()` function. The exploit demonstrates how to retrieve sensitive files like `/etc/passwd` or `config.php` by manipulating the `cat_id` parameter.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Links Directory 1.1

No auth needed

Prerequisites: Vulnerable Links Directory 1.1 installation · MySQL user with file read permissions

MITRE ATT&CK