CVE-2008-4492

YourOwnBux 4.0 - SQL Injection via usNick Cookie

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4492. PoCs published by Tec-n0x.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Yourownbux v4.0 via the 'usNick' cookie in referrals.php. The PoC provides a method to extract user passwords by manipulating the cookie value with SQL queries.

Description

SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Tec-n0x · textwebappsphp

https://www.exploit-db.com/exploits/6693

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in Yourownbux v4.0 via the 'usNick' cookie in referrals.php. The PoC provides a method to extract user passwords by manipulating the cookie value with SQL queries.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Yourownbux v4.0

Auth required

Prerequisites: User must be logged in · Target must be running Yourownbux v4.0

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Tec-n0x · perlwebappsphp

https://www.exploit-db.com/exploits/6438

View Code ZIP pw:eip

This Perl script exploits an authentication bypass vulnerability in Yourownbux v4.0 by modifying cookies to gain administrative access. It attempts common usernames and sets a fixed password to bypass login restrictions.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Yourownbux v4.0

No auth needed

Prerequisites: Target URL with vulnerable Yourownbux installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45737

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31624

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4362

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6693

Scores

EPSS 0.0097

EPSS Percentile 57.5%

Details

CWE

CWE-89

Status published

Products (1)

yourownbux/yourownbux 4.0

Published Oct 08, 2008

Tracked Since Feb 18, 2026