CVE-2008-6152
SepCity Faculty Portal - SQL Injection via deptdisplay.asp ID Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-6152. PoCs published by Osmanizim.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Lawyer Portal software, allowing an attacker to extract user credentials from the Members table via a UNION-based attack. The provided URL manipulates the ID parameter to dump usernames and passwords.
Description
SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in Lawyer Portal software, allowing an attacker to extract user credentials from the Members table via a UNION-based attack. The provided URL manipulates the ID parameter to dump usernames and passwords.