CVE-2008-3152

SmartPPC and SmartPPC Pro - SQL Injection via idDirectory Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3152. PoCs published by ka0x, Hamtaro.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in SmartPPC Pay Per Click Script via the 'idDirectory' parameter in 'directory.php'. It uses multi-threading to brute-force ASCII characters for extracting user credentials from the database.

Description

SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by ka0x · perlwebappsphp
https://www.exploit-db.com/exploits/6019

This Perl script exploits a blind SQL injection vulnerability in SmartPPC Pay Per Click Script via the 'idDirectory' parameter in 'directory.php'. It uses multi-threading to brute-force ASCII characters for extracting user credentials from the database.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: SmartPPC Pay Per Click Script
No auth needed
Prerequisites: Target URL with vulnerable 'directory.php' endpoint · Pattern in HTML response to identify successful injection
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hamtaro · textwebappsphp
https://www.exploit-db.com/exploits/6014

This is a writeup describing a blind SQL injection vulnerability in Pay Per Click Script. It includes a Google dork and a proof-of-concept URL demonstrating the vulnerability.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Pay Per Click Script (SmartPPC.com)
No auth needed
Prerequisites: A vulnerable instance of Pay Per Click Script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2013/references
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6019
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6014
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30111
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43597

Scores

EPSS 0.0105
EPSS Percentile 59.8%

Details

CWE
CWE-89
Status published
Products (2)
orbitscripts/smartppc
orbitscripts/smartppc_pro
Published Jul 11, 2008
Tracked Since Feb 18, 2026