CVE-2009-1024

Beerwin PHPLinkAdmin 1.0 - SQL Injection via linkid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1024. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) and SQL Injection (SQLi) vulnerability in Beerwin's PHPLinkAdmin 1.0. The RFI allows arbitrary file inclusion via the 'page' parameter, while the SQLi enables database information extraction via the 'linkid' parameter.

Description

Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/8216

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) and SQL Injection (SQLi) vulnerability in Beerwin's PHPLinkAdmin 1.0. The RFI allows arbitrary file inclusion via the 'page' parameter, while the SQLi enables database information extraction via the 'linkid' parameter.

Classification

Working Poc 90%

Attack Type

Rce | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Beerwin's PHPLinkAdmin 1.0

No auth needed

Prerequisites: Network access to the target application · PHPLinkAdmin 1.0 installed and accessible

MITRE ATT&CK