CVE-2015-2070

eTouch SamePage Enterprise Edition 4.4.0.0.239 - SQL Injection via catId Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2070. PoCs published by Brandon Perry.

AI-analyzed exploit summary: The exploit demonstrates a time-based SQL injection in the `catId` parameter of the `/cm/blogrss/feed` servlet and an authenticated arbitrary file read via `/cm/newui/blog/export.jsp`. SQL injection allows blind extraction of database information, while the file read vulnerability exposes sensitive configuration files containing database credentials.

Description

SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.

Exploits (1)

exploitdb WORKING POC
by Brandon Perry · text · webapps · php
https://www.exploit-db.com/exploits/36089

Classification: Working PoC | Writeup 95%
Attack Type: SQLi | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: eTouch SamePage v4.4.0.0.239
No auth needed
Prerequisites: Network access to the target application · For file read: valid user credentials (easily obtainable via self-registration)
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/118356
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/36089
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Feb/47
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74883

Scores

EPSS 0.0240
EPSS Percentile 81.8%

Details

CWE
CWE-89
Status published
Products (1)
etouch/samepage 4.4.0.0.239
Published Feb 24, 2015
Tracked Since Feb 18, 2026