CVE-2008-3267

mojoJobs - SQL Injection via cat_a Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3267. PoCs published by Mr.SQL.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in MojoJobs.cgi by brute-forcing the admin password character-by-character. It uses LWP::UserAgent to send crafted HTTP requests and checks for a specific string in the response to determine if the injected condition is true.

Description

SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mr.SQL · perlwebappscgi

https://www.exploit-db.com/exploits/6110

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in MojoJobs.cgi by brute-forcing the admin password character-by-character. It uses LWP::UserAgent to send crafted HTTP requests and checks for a specific string in the response to determine if the injected condition is true.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: MojoJobs.cgi (version unspecified)

No auth needed

Prerequisites: Target URL with vulnerable MojoJobs.cgi endpoint · Valid cat_a parameter value

MITRE ATT&CK