CVE-2008-3445

phpMyRealty 2.0.0 - SQL Injection via Location Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3445. PoCs published by CraCkEr.

AI-analyzed exploit summary This exploit demonstrates a remote SQL injection vulnerability in phpmyrealty, allowing an attacker to extract admin credentials via a crafted UNION SELECT query. The PoC includes a live demo URL and targets the 'location' parameter in the index.php file.

Description

SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/6180

View Code ZIP pw:eip

This exploit demonstrates a remote SQL injection vulnerability in phpmyrealty, allowing an attacker to extract admin credentials via a crafted UNION SELECT query. The PoC includes a live demo URL and targets the 'location' parameter in the index.php file.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: phpmyrealty (version not specified)

No auth needed

Prerequisites: Target application must have register_globals enabled · Target must be running a vulnerable version of phpmyrealty

MITRE ATT&CK