CVE-2008-7075

Kalptaru Infotech Stararticles - SQL Injection

Title source: rule

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-7075. PoCs published by Stack, b3hz4d.

AI-analyzed exploit summary This PHP script exploits a blind SQL injection vulnerability in the 'stararticles' CMS by brute-forcing the password of a specified user ID through time-based inference. It measures response lengths to determine character values in the password.

Description

Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Stack · phpwebappsphp

https://www.exploit-db.com/exploits/7243

View Code ZIP pw:eip

This PHP script exploits a blind SQL injection vulnerability in the 'stararticles' CMS by brute-forcing the password of a specified user ID through time-based inference. It measures response lengths to determine character values in the password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: stararticles CMS (version unspecified)

No auth needed

Prerequisites: Target URL with vulnerable 'artid' parameter · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by b3hz4d · textwebappsphp

https://www.exploit-db.com/exploits/7240

View Code ZIP pw:eip

This is a writeup describing a blind SQL injection vulnerability in the stararticles CMS. It provides examples of vulnerable URLs and payloads to test for the vulnerability.

Classification

Writeup 90%