CVE-2014-5275
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated SQL Injection via Password, Email, or ID Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-5275. PoCs published by Mike Manzotti.
AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in Pro Chat Rooms v8.2.0, including Stored XSS, Reflected XSS, SQL Injection, and Arbitrary File Upload. It provides detailed steps and payloads to exploit these vulnerabilities, including a method to upload a PHP web shell via SQL injection.
Description
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.