CVE-2008-2339

Turnkey Web Tools SunShop Shopping Cart 3.5.1 - SQL Injection via index.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2339. PoCs published by irvian.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in SunShop Shopping Cart 3.5.1 by iterating through character sets to extract usernames or passwords from the database. It uses time-based inference to determine valid characters.

Description

SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.

Exploits (1)

exploitdb WORKING POC VERIFIED

by irvian · perlwebappsphp

https://www.exploit-db.com/exploits/31800

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in SunShop Shopping Cart 3.5.1 by iterating through character sets to extract usernames or passwords from the database. It uses time-based inference to determine valid characters.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: SunShop Shopping Cart 3.5.1

No auth needed

Prerequisites: target URL · valid item ID · table name · column name (username/password)

MITRE ATT&CK