CVE-2010-4784

PHP Web Scripts Easy Banner Free <2009.05.18 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4784. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary: This is a vulnerability writeup describing SQL injection and HTML injection flaws in Easy Banner Free 2009.05.18. It provides example payloads for authentication bypass via SQLi but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Aliaksandr Hartsuyeu · text · webapps · php
https://www.exploit-db.com/exploits/35016

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Easy Banner Free 2009.05.18
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit x_refsource_misc: http://evuln.com/vulns/147/summary.html
Exploit vdb-entry x_refsource_bid: http://www.securityfocus.com/bid/45066
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq: http://www.securityfocus.com/archive/1/514908/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia: http://secunia.com/advisories/42316
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb: http://www.osvdb.org/69511
Third Party Advisory third-party-advisory x_refsource_sreason: http://securityreason.com/securityalert/8184

Scores

EPSS: 0.0112
EPSS Percentile: 61.8%

Details

CWE: CWE-89
Status: published
Products (1): phpwebscripts/easy_banner_free 2009.05.18
Published: Apr 07, 2011
Tracked Since: Feb 18, 2026