CVE-2008-3369

ViArt Shop < 3.5 - SQL Injection via products_rss.php category_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3369. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed writeup describing a SQL injection vulnerability in ViArt Shop <= 3.5, specifically in the 'products_rss.php' file. The vulnerability allows attackers to extract sensitive data such as admin credentials and credit card information via a crafted URL.

Description

SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6154

View Code ZIP pw:eip

This is a detailed writeup describing a SQL injection vulnerability in ViArt Shop <= 3.5, specifically in the 'products_rss.php' file. The vulnerability allows attackers to extract sensitive data such as admin credentials and credit card information via a crafted URL.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ViArt Shop <= 3.5

No auth needed

Prerequisites: Access to the target application's URL

MITRE ATT&CK