CVE-2010-4974

BrotherScripts Auto Dealer - SQL Injection via info.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4974. PoCs published by Easy Laster.

AI-analyzed exploit summary This is a SQL injection proof-of-concept for Auto Dealer software, demonstrating a vulnerability in the 'id' parameter of info.php. The exploit uses a UNION-based SQLi to extract data from the 'cars_agents' table, including sensitive fields like username and password.

Description

SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC

by Easy Laster · textwebappsphp

https://www.exploit-db.com/exploits/14239

View Code ZIP pw:eip

This is a SQL injection proof-of-concept for Auto Dealer software, demonstrating a vulnerability in the 'id' parameter of info.php. The exploit uses a UNION-based SQLi to extract data from the 'cars_agents' table, including sensitive fields like username and password.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: BS Auto Dealer (version not specified)

No auth needed

Prerequisites: Access to the vulnerable endpoint (info.php)

MITRE ATT&CK