CVE-2014-10034
couponphp < 1.1.0 - Authenticated SQL Injection via iDisplayLength or iDisplayStart Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-10034. PoCs published by LiquidWorm.
AI-analyzed exploit summary: This exploit demonstrates multiple stored XSS and SQL injection vulnerabilities in couponPHP CMS 1.0. It provides detailed examples of malicious payloads for parameters like 'iDisplayLength', 'iDisplayStart', and 'sEcho' in various scripts, along with proof of execution via error messages and HTTP request/response samples.
Description
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.