CVE-2010-2691

2daybiz Custom T-Shirt Design Script - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2691. PoCs published by Sangteamtham.

AI-analyzed exploit summary This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in 2daybiz custom T-shirt software. It provides URLs with vulnerable parameters but does not include functional exploit code.

Description

Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sangteamtham · textwebappsphp

https://www.exploit-db.com/exploits/14048

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in 2daybiz custom T-shirt software. It provides URLs with vulnerable parameters but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: 2daybiz custom T-shirt design script

No auth needed

Prerequisites: access to vulnerable web application

MITRE ATT&CK