Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-1613 PoC — RedDot CMS ioRD.asp文件SQL注入漏洞

Source
https://github.com/SECFORCE/CVE-2008-1613
Associated Vulnerability
Title:RedDot CMS ioRD.asp文件SQL注入漏洞 (CVE-2008-1613)
Description:RedDot CMS是一款网站内容管理系统。 RedDot CMS的实现上存在输入验证漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击。 传送给RedDot CMS的IoRD.asp文件的LngId参数负责分配CMS应用的语言环境。由于没有正确地验证该参数便在SQL语句中使用,因此远程攻击者可以通过SQL注入攻击绕过限制访问数据库,从数据库中枚举信息。
Description
RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.
Readme
# CVE-2008-1613
File Snapshot

 [4.0K]  /data/pocs/5f914295f545f982bddc5f6fd8bfa4ea40d94d43
├── [4.4K]  RD_POC.py
└── [  16]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.