CVE-2008-6369

Ocean12 Contact Manager Pro 1.02 - SQL Injection via Sort Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6369. PoCs published by Pouya_Server.

AI-analyzed exploit summary This exploit demonstrates SQL injection, database disclosure, and XSS vulnerabilities in Ocean12 Contact Manager Pro v1.02. It provides direct URLs to exploit these vulnerabilities without requiring authentication.

Description

SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pouya_Server · textwebappsphp

https://www.exploit-db.com/exploits/7244

View Code ZIP pw:eip

This exploit demonstrates SQL injection, database disclosure, and XSS vulnerabilities in Ocean12 Contact Manager Pro v1.02. It provides direct URLs to exploit these vulnerabilities without requiring authentication.

Classification

Working Poc 90%

Attack Type

Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Ocean12 Contact Manager Pro v1.02

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK