CVE-2008-6243

Scripts For Sites Hotscripts-like Site - SQL Injection via showcategory.php cid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6243. PoCs published by TR-ShaRk.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the 'showcategory.php' script, allowing an attacker to extract database version information via a UNION-based SQLi attack. The PoC includes a live demo URL and is targeted at a specific web application.

Description

SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by TR-ShaRk · textwebappsphp

https://www.exploit-db.com/exploits/6903

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the 'showcategory.php' script, allowing an attacker to extract database version information via a UNION-based SQLi attack. The PoC includes a live demo URL and is targeted at a specific web application.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Unknown (likely a custom PHP application using 'showcategory.php')

No auth needed

Prerequisites: Access to the vulnerable 'showcategory.php' endpoint

MITRE ATT&CK