CVE-2008-6225

Mole Group Airline Ticket Sale Script - SQL Injection via info.php flight parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6225. PoCs published by InjEctOr5.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the mole-group Airline Ticket Script. The PoC provides a specific URL with a crafted SQL query to extract the database user information.

Description

SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.

Exploits (1)

exploitdb WORKING POC VERIFIED

by InjEctOr5 · textwebappsphp

https://www.exploit-db.com/exploits/7009

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the mole-group Airline Ticket Script. The PoC provides a specific URL with a crafted SQL query to extract the database user information.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: mole-group Airline Ticket Script

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK