Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0452. PoCs published by x0r.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Online Grades 3.2.4, allowing authentication bypass via a crafted payload. It also discloses the presence of a phpinfo.php file for additional information leakage.
Description
Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in Online Grades 3.2.4, allowing authentication bypass via a crafted payload. It also discloses the presence of a phpinfo.php file for additional information leakage.