CVE-2008-3374

Gregarius < 0.5.4 - SQL Injection via rsargs Array Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3374. PoCs published by GulfTech Security.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Gregarius <= 0.5.4, allowing unauthenticated attackers to dump admin credentials via a crafted request to /ajax.php. The PoC includes a specific query to extract usernames and password hashes from the users table.

Description

SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6159

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Gregarius <= 0.5.4, allowing unauthenticated attackers to dump admin credentials via a crafted request to /ajax.php. The PoC includes a specific query to extract usernames and password hashes from the users table.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Gregarius <= 0.5.4

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK