CVE-2008-5955

PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5955. PoCs published by CWH Underground.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Wbstreet v1.0 via the 'id' parameter in show.php. It includes a crafted URL to extract user credentials from the MySQL database.

Description

SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/7337

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in Wbstreet v1.0 via the 'id' parameter in show.php. It includes a crafted URL to extract user credentials from the MySQL database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Wbstreet v1.0

No auth needed

Prerequisites: Access to the vulnerable show.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/32642

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in PHPSTREET Webboard by injecting a UNION-based SQL query to extract user credentials from the MySQL user table. The payload bypasses sanitization by using comment-based obfuscation.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHPSTREET Webboard (version not specified)

No auth needed

Prerequisites: Target application must be vulnerable to SQL injection · MySQL database must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32635

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47073

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7337

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32994

Scores

EPSS 0.0097

EPSS Percentile 57.4%

Details

CWE

CWE-89

Status published

Products (1)

phpstreet/webboard 1.0

Published Jan 23, 2009

Tracked Since Feb 18, 2026