CVE-2008-2177

phpDirectorySource 1.1.06 - SQL Injection via lid or login Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2177. PoCs published by InjEctOr5.

AI-analyzed exploit summary This exploit demonstrates SQL injection and administrator login bypass in phpDirectorySource 1.1. It uses a UNION-based SQLi to extract admin credentials and a simple bypass technique for authentication.

Description

Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by InjEctOr5 · textwebappsphp

https://www.exploit-db.com/exploits/5537

View Code ZIP pw:eip

This exploit demonstrates SQL injection and administrator login bypass in phpDirectorySource 1.1. It uses a UNION-based SQLi to extract admin credentials and a simple bypass technique for authentication.

Classification

Working Poc 100%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: phpDirectorySource 1.1

No auth needed

Prerequisites: Target application must be phpDirectorySource 1.1 · SQL injection vulnerability must be present in the 'show.php' endpoint

MITRE ATT&CK