CVE-2008-5782

ZeeMatri 3.0 - SQL Injection via bannerclick.php adid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5782. PoCs published by Hussin X.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in ZeeMatri v3.0 via the 'adid' parameter in bannerclick.php, allowing an attacker to extract admin credentials (name and password) from the database. The payload uses a UNION-based SQLi technique to concatenate and retrieve sensitive data.

Description

SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hussin X · textwebappsphp

https://www.exploit-db.com/exploits/7072

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in ZeeMatri v3.0 via the 'adid' parameter in bannerclick.php, allowing an attacker to extract admin credentials (name and password) from the database. The payload uses a UNION-based SQLi technique to concatenate and retrieve sensitive data.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ZeeMatri v3.0

No auth needed

Prerequisites: Target must be running ZeeMatri v3.0 with vulnerable bannerclick.php endpoint

MITRE ATT&CK