Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-1017. PoCs published by a.kadir altan.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in BASE 1.4.5 via the `ip_addr` parameter. The PoC includes a crafted URL that extracts the current database user by manipulating the SQL query structure.
Description
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in BASE 1.4.5 via the `ip_addr` parameter. The PoC includes a crafted URL that extracts the current database user by manipulating the SQL query structure.