CVE-2009-1742

PC4Arb Pc4 Uploader <= 9.0 - SQL Injection via id Parameter Filter Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1742. PoCs published by Qabandi.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in pc4arb - pc4 Uploader <= 9.0, bypassing a weak SQL filter to execute arbitrary SQL queries. It also includes a method to write a malicious PHP file to the server using MySQL's `into outfile` function.

Description

code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Qabandi · textwebappsphp

https://www.exploit-db.com/exploits/8709

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in pc4arb - pc4 Uploader <= 9.0, bypassing a weak SQL filter to execute arbitrary SQL queries. It also includes a method to write a malicious PHP file to the server using MySQL's `into outfile` function.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: pc4arb - pc4 Uploader v9.0

No auth needed

Prerequisites: magic_quotes_gpc = off · 0777 chmoded folder · location of folder · admin must have added a banner using the 'add banner' feature

MITRE ATT&CK