CVE-2008-2843

doitlive/cms < 2.50 - SQL Injection via ID Parameter or Licence Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2843. PoCs published by BugReport.IR.

AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in doITlive CMS <=2.50. It includes PoC URLs for SQLi in the 'ID' parameter and cookie-based auth bypass, as well as an XSS payload in the 'File' parameter.

Description

Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/5849

View Code ZIP pw:eip

This exploit demonstrates SQL injection and XSS vulnerabilities in doITlive CMS <=2.50. It includes PoC URLs for SQLi in the 'ID' parameter and cookie-based auth bypass, as well as an XSS payload in the 'File' parameter.

Classification

Working Poc 90%

Attack Type

Sqli | Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: doITlive CMS <=2.50

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK