Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4155. PoCs published by Isfahan.
AI-analyzed exploit summary This is a detailed writeup describing SQL injection vulnerabilities in Eshopbuilder CMS, specifically in multiple parameters across various pages. It provides examples of injection points but does not include executable exploit code.
Description
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.
Exploits (1)
This is a detailed writeup describing SQL injection vulnerabilities in Eshopbuilder CMS, specifically in multiple parameters across various pages. It provides examples of injection points but does not include executable exploit code.