CVE-2004-2746

Pensacola WEB Designs Xtremeasp Photogallery - SQL Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2746. PoCs published by posidron.

AI-analyzed exploit summary The exploit describes an SQL injection vulnerability in XtremeASP PhotoGallery's admin login interface, allowing authentication bypass by injecting 'or' into username and password fields. This results in unauthorized access to administrative pages.

Description

SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by posidron · textwebappsasp

https://www.exploit-db.com/exploits/23547

View Code ZIP pw:eip

The exploit describes an SQL injection vulnerability in XtremeASP PhotoGallery's admin login interface, allowing authentication bypass by injecting 'or' into username and password fields. This results in unauthorized access to administrative pages.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: XtremeASP PhotoGallery

No auth needed

Prerequisites: Access to the admin login page

MITRE ATT&CK