CVE-2008-6394
CS-Cart <= 1.3.5 - SQL Injection via cs_cookies[customer_user_id] Cookie Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6394. PoCs published by GulfTech Security.
AI-analyzed exploit summary: This is a detailed writeup describing a SQL injection vulnerability in CS-Cart <= 1.3.5, where the `fn_get_cookie()` function fails to sanitize user input, allowing attackers to bypass authentication or retrieve arbitrary data via crafted cookies.
Description
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.