CVE-2010-2624

iScripts EasySnaps 2.0 - SQL Injection via Comment Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2624. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary The document describes SQL injection vulnerabilities in iScripts EasySnaps 2.0, specifically in the 'comment' parameter of add_comments.php and the 'values' parameter of tags_details.php. It includes a sample HTTP POST request demonstrating the SQLi in tags_details.php.

Description

Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/14162

View Code ZIP pw:eip

The document describes SQL injection vulnerabilities in iScripts EasySnaps 2.0, specifically in the 'comment' parameter of add_comments.php and the 'values' parameter of tags_details.php. It includes a sample HTTP POST request demonstrating the SQLi in tags_details.php.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: iScripts EasySnaps 2.0

No auth needed

Prerequisites: magic_quotes_gpc disabled

MITRE ATT&CK