CVE-2008-3193

jSite 1.0 OE - SQL Injection via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3193. PoCs published by S.W.A.T..

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in jSite 1.0 OE, allowing an attacker to extract admin credentials (username and MD5 password) via a crafted UNION-based SQL query. It also includes details for a Local File Inclusion (LFI) vulnerability and post-exploitation steps for uploading a shell.

Description

SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by S.W.A.T. · textwebappsphp

https://www.exploit-db.com/exploits/6057

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in jSite 1.0 OE, allowing an attacker to extract admin credentials (username and MD5 password) via a crafted UNION-based SQL query. It also includes details for a Local File Inclusion (LFI) vulnerability and post-exploitation steps for uploading a shell.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: jSite 1.0 OE

No auth needed

Prerequisites: Target running jSite 1.0 OE · Access to the vulnerable endpoint

MITRE ATT&CK