CVE-2008-4665

PG Matchmaking - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4665. PoCs published by Super Cristal.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in PG Matchmaking Script, allowing unauthorized extraction of admin credentials (Login, Password, EMail) via crafted UNION SELECT queries in news_read.php and gifts_show.php.

Description

SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Super Cristal · textwebappsphp

https://www.exploit-db.com/exploits/6626

View Code ZIP pw:eip

This exploit demonstrates SQL injection vulnerabilities in PG Matchmaking Script, allowing unauthorized extraction of admin credentials (Login, Password, EMail) via crafted UNION SELECT queries in news_read.php and gifts_show.php.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PG Matchmaking Script (version unspecified)

No auth needed

Prerequisites: Access to vulnerable endpoints (news_read.php or gifts_show.php) · SQL injection vulnerability present in target

MITRE ATT&CK