CVE-2008-3119

DreamPics Builder - SQL Injection via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3119. PoCs published by Hussin X.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in PICS BUILDER (page) by injecting a UNION-based query to extract user credentials (login and password) from the 'users' table. The PoC includes a live demo URL and targets a specific script path.

Description

SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hussin X · textwebappsphp

https://www.exploit-db.com/exploits/6034

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in PICS BUILDER (page) by injecting a UNION-based query to extract user credentials (login and password) from the 'users' table. The PoC includes a live demo URL and targets a specific script path.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PICS BUILDER (page) by Dreamlevels

No auth needed

Prerequisites: Target must be running vulnerable PICS BUILDER software · The 'page' parameter must be vulnerable to SQL injection

MITRE ATT&CK