CVE-2009-1282

glFusion <= 1.1.2 - SQL Injection via glf_session Cookie Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1282. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit targets a blind SQL injection vulnerability in glFusion <= 1.1.2 via the COM_applyFilter() function in session handling. It uses time-based techniques to extract admin hashes from the database.

Description

SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · phpwebappsphp

https://www.exploit-db.com/exploits/8347

View Code ZIP pw:eip

This exploit targets a blind SQL injection vulnerability in glFusion <= 1.1.2 via the COM_applyFilter() function in session handling. It uses time-based techniques to extract admin hashes from the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: glFusion <= 1.1.2

Auth required

Prerequisites: Valid user credentials · MySQL >= 5.0.12 with SLEEP() function

MITRE ATT&CK