CVE-2008-6678

QuickerSite 1.8.5 - SQL Injection via sNickName Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6678. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in QuickerSite CMS 1.8.5, including insecure direct object references, XSS, and mailbombing. It provides functional HTML forms and URLs to exploit these flaws without requiring authentication.

Description

SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5733

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in QuickerSite CMS 1.8.5, including insecure direct object references, XSS, and mailbombing. It provides functional HTML forms and URLs to exploit these flaws without requiring authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Xss | Info Leak | Other

Complexity

Trivial

Reliability

Reliable

Target: QuickerSite CMS 1.8.5

No auth needed

Prerequisites: Access to the target QuickerSite CMS instance

MITRE ATT&CK