CVE-2009-4625

BF Survey Pro Free <1.2.6 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4625. PoCs published by jdc.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Joomla's BF Survey Pro Free component. It crafts a malicious POST request to update the admin user's credentials, allowing an attacker to log in as 'r00t' with the password 'r00t'.

Description

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by jdc · phpwebappsphp

https://www.exploit-db.com/exploits/9601

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Joomla's BF Survey Pro Free component. It crafts a malicious POST request to update the admin user's credentials, allowing an attacker to log in as 'r00t' with the password 'r00t'.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla with BF Survey Pro Free component

No auth needed

Prerequisites: Target must have the vulnerable BF Survey Pro Free component installed · Target must be running a vulnerable version of Joomla

MITRE ATT&CK