CVE-2008-4524

AdaptCMS 1.3 - SQL Injection via Check User Feature

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4524. PoCs published by StAkeR.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in AdaptCMS Lite <= 1.3 by brute-forcing the password hash of a specified user ID via ASCII character extraction. It uses LWP::UserAgent to send crafted POST requests to the vulnerable endpoint.

Description

SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · perlwebappsphp

https://www.exploit-db.com/exploits/6662

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in AdaptCMS Lite <= 1.3 by brute-forcing the password hash of a specified user ID via ASCII character extraction. It uses LWP::UserAgent to send crafted POST requests to the vulnerable endpoint.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: AdaptCMS Lite <= 1.3

No auth needed

Prerequisites: Target URL with vulnerable AdaptCMS installation · Valid user ID to extract password hash

MITRE ATT&CK