CVE-2008-6805
Mic_Blog 0.0.3 - SQL Injection via cat, user, or site Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6805. PoCs published by StAkeR.
AI-analyzed exploit summary: This exploit targets Mic_Blog v0.0.3, demonstrating SQL injection and privilege escalation vulnerabilities. It extracts user credentials via SQL injection and can add a new administrator account.
Description
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.