CVE-2008-4887

NetRisk < 2.0 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4887. PoCs published by StAkeR.

AI-analyzed exploit summary This is a writeup detailing XSS and SQL injection vulnerabilities in NetRisk <= 2.0. It provides example payloads for exploitation but does not include executable code.

Description

SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by StAkeR · textwebappsphp

https://www.exploit-db.com/exploits/6957

View Code ZIP pw:eip

This is a writeup detailing XSS and SQL injection vulnerabilities in NetRisk <= 2.0. It provides example payloads for exploitation but does not include executable code.

Classification

Writeup 100%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: NetRisk <= 2.0

No auth needed

Prerequisites: access to the target web application

MITRE ATT&CK