Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-0762. PoC published by Don Tukulesto.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in the CD Rentals Script, allowing an attacker to extract admin credentials via a crafted UNION-based SQL query. The PoC provides a direct URL with the malicious payload to dump the admin_name and admin_password from the rental_admin table.
Description
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.