CVE-2008-2448

Meto Forum 1.1 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2448. PoCs published by U238.

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection vulnerabilities in Meto Forum v1.1, allowing an attacker to extract user credentials (usernames and passwords) from the database. The PoC includes specific URLs with crafted SQL queries to exploit these vulnerabilities.

Description

Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by U238 · textwebappsasp

https://www.exploit-db.com/exploits/5608

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection vulnerabilities in Meto Forum v1.1, allowing an attacker to extract user credentials (usernames and passwords) from the database. The PoC includes specific URLs with crafted SQL queries to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Meto Forum v1.1

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK