CVE-2010-4799

Chipmunk Pwngame 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4799. PoCs published by KnocKout.

AI-analyzed exploit summary This is a writeup describing SQL injection vulnerabilities in Chipmunk Pwngame, including authentication bypass and blind SQL injection techniques. It provides example payloads but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by KnocKout · textwebappsphp

https://www.exploit-db.com/exploits/15223

View Code ZIP pw:eip

This is a writeup describing SQL injection vulnerabilities in Chipmunk Pwngame, including authentication bypass and blind SQL injection techniques. It provides example payloads but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Chipmunk Pwngame <= (version not specified)

No auth needed

Prerequisites: Access to the login.php or pwn.php endpoints

MITRE ATT&CK