CVE-2009-4203
Arab Portal 2.2 - SQL Injection via X-Forwarded-For or Client-IP Header
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4203. PoCs published by sniper code.
AI-analyzed exploit summary: The public exploit targets an SQL injection vulnerability in Arab Portal 2.2's admin authentication mechanism. It bypasses authentication by injecting a malicious SQL query through the X-Forwarded-For header, which allows unauthorized access to the admin control panel.
Description
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.