CVE-2008-5630

Post Affiliate Pro <3,3.1.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5630. PoCs published by XaDoS.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Post Affiliate Pro v.3. The vulnerability is triggered via the 'umprof_status' parameter in the merchant's index.php page, allowing an attacker to extract database information through boolean-based blind SQLi techniques.

Description

SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by XaDoS · textwebappsphp

https://www.exploit-db.com/exploits/7238

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in Post Affiliate Pro v.3. The vulnerability is triggered via the 'umprof_status' parameter in the merchant's index.php page, allowing an attacker to extract database information through boolean-based blind SQLi techniques.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Post Affiliate Pro v.3

Auth required

Prerequisites: Valid merchant credentials · Access to the merchant's index.php page

MITRE ATT&CK