Exploitation Summary
EIP tracks 4 public exploits for CVE-2013-7189. PoCs published by i-Hmx.
AI-analyzed exploit summary
The provided text describes a vulnerability in iScripts AutoHoster where insufficient sanitization of user-supplied data in the 'invno' parameter of 'payinvoiceothers.php' can lead to multiple security issues, including arbitrary command execution or script injection. However, no actual exploit code is included.
Description
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Exploits (4)
The provided text describes a vulnerability in iScripts AutoHoster where insufficient sanitization of user-supplied data in the 'invno' parameter of 'payinvoiceothers.php' can lead to multiple security issues, including arbitrary command execution or script injection. However, no actual exploit code is included.
This exploit demonstrates SQL injection vulnerabilities in iScripts AutoHoster via the 'checktransferstatusbck.php' endpoint. It includes payloads to extract table names, staff count, and sensitive staff data (passwords, logins, emails) using UNION-based SQLi with MySQL-specific techniques.
This exploit demonstrates SQL injection vulnerabilities in iScripts AutoHoster via the `checktransferstatus.php` endpoint. It includes payloads to extract table names, staff counts, and sensitive staff data (passwords, logins, emails) using UNION-based SQLi with MySQL-specific syntax.
The provided text describes a time-based blind SQL injection vulnerability in iScripts AutoHoster via the /additionalsettings.php endpoint. The POST parameter 'cmbdomain' is identified as the injection point, but no actual exploit code is included.