CVE-2008-2679

Realm CMS < 2.3 - SQL Injection via KeyWordsList kwrd Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2679. PoCs published by BugReport.IR.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Realm CMS 2.3 and prior, including broken authentication via cookie manipulation, SQL injection in the 'KeyWordsList' function, and XSS/DB path disclosure in '/cms/_db/compact.asp'. It provides specific exploit details and mitigation steps.

Description

SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5766

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Realm CMS 2.3 and prior, including broken authentication via cookie manipulation, SQL injection in the 'KeyWordsList' function, and XSS/DB path disclosure in '/cms/_db/compact.asp'. It provides specific exploit details and mitigation steps.

Classification

Writeup 90%

Attack Type

Auth Bypass | Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Realm CMS 2.3 and prior

No auth needed

Prerequisites: Access to the target application · Ability to manipulate cookies and HTTP requests

MITRE ATT&CK