CVE-2009-2337

w3b|cms Gaestebuch Guestbook Module 3.0.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2337. PoCs published by DNX.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in w3bcms Gaestebuch v3.0.0, targeting the 'spam_id' parameter in the guestbook module. It extracts admin credentials by brute-forcing character-by-character using conditional SQL queries.

Description

SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DNX · perlwebappsphp

https://www.exploit-db.com/exploits/8396

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in w3bcms Gaestebuch v3.0.0, targeting the 'spam_id' parameter in the guestbook module. It extracts admin credentials by brute-forcing character-by-character using conditional SQL queries.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: w3bcms Gaestebuch v3.0.0

No auth needed

Prerequisites: magic_quotes_gpc = Off · access to the guestbook module

MITRE ATT&CK